Create a Security Policy #3106
Comments
Hi,

Thanks for your message. https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository looks like a good plan. I will enable it asap. The PR is about to be merged also.
I think it would not hurt to have a

Thank you for working on this 🙏 Please note that the

@benoitc could this issue be re-opened until the current
gunicorn lacks a SECURITY.md.
Recent security-sensitive bugs have been reported privately, not been addressed, and then reported publicly (#3091). That reporter is disclosing security reports publicly now (#3104).
By defining a Security Policy, gunicorn can set clear expectations to reporters who want to keep gunicorn and users safe. Here's GitHub Security's policy as an example.
Another option is to use GitHub's private vulnerability reporting feature: https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository