From 2b9a4ead3d5d3fb2a38cdc3b2c177c557daa06bc Mon Sep 17 00:00:00 2001 From: Jesse McConnell Date: Thu, 18 Aug 2016 13:53:08 -0500 Subject: [PATCH] Resolve #725 add page for reporting security issues --- .../reference/contributing/chapter.adoc | 1 + .../reference/contributing/security.adoc | 30 +++++++++++++++++++ .../troubleshooting/security-reports.adoc | 2 ++ 3 files changed, 33 insertions(+) create mode 100644 jetty-documentation/src/main/asciidoc/reference/contributing/security.adoc diff --git a/jetty-documentation/src/main/asciidoc/reference/contributing/chapter.adoc b/jetty-documentation/src/main/asciidoc/reference/contributing/chapter.adoc index a26f9239096..7e7ab092dd6 100644 --- a/jetty-documentation/src/main/asciidoc/reference/contributing/chapter.adoc +++ b/jetty-documentation/src/main/asciidoc/reference/contributing/chapter.adoc @@ -26,5 +26,6 @@ include::source-build.adoc[] include::coding-standards.adoc[] include::bugs.adoc[] include::patches.adoc[] +include::security.adoc[] include::releasing-jetty.adoc[] include::release-testing.adoc[] \ No newline at end of file diff --git a/jetty-documentation/src/main/asciidoc/reference/contributing/security.adoc b/jetty-documentation/src/main/asciidoc/reference/contributing/security.adoc new file mode 100644 index 00000000000..c304bc58559 --- /dev/null +++ b/jetty-documentation/src/main/asciidoc/reference/contributing/security.adoc 
@@ -0,0 +1,30 @@ +// ======================================================================== +// Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd. +// ======================================================================== +// All rights reserved. This program and the accompanying materials +// are made available under the terms of the Eclipse Public License v1.0 +// and Apache License v2.0 which accompanies this distribution. +// +// The Eclipse Public License is available at +// http://www.eclipse.org/legal/epl-v10.html +// +// The Apache License v2.0 is available at +// http://www.opensource.org/licenses/apache2.0.php +// +// You may elect to redistribute this code under either of these licenses. +// ======================================================================== + +[[security-reporting]] +=== Reporting Security Issues + +There are a number of avenues for reporting security issues to the Jetty project available. +If the issue is directly related to Jetty itself then reporting to the Jetty developers is encouraged. +The most direct method is to mail _security@webtide.com_. +Since Webtide is comprised of the active committers of the Jetty project this is our preferred reporting method. +We are generally flexible in how we work with reporters of security issues but we reserve the right to act in the interests of the Jetty project in all circumstances. + +If the issue is related to Eclipse or its Jetty integration then we encourage you to reach out to _security@eclipse.org_. + +If the issue is related to integrations with Jetty we are happy to work with you to identify the proper entity and either of the approaches above is fine. + +We prefer that security issues are reported directly to Jetty developers as opposed through GitHub Issues since it has no facility to tag issues as _private_. \ No newline at end of file 
diff --git a/jetty-documentation/src/main/asciidoc/reference/troubleshooting/security-reports.adoc b/jetty-documentation/src/main/asciidoc/reference/troubleshooting/security-reports.adoc index c60b279deb8..42e9be7a401 100644 --- a/jetty-documentation/src/main/asciidoc/reference/troubleshooting/security-reports.adoc +++ b/jetty-documentation/src/main/asciidoc/reference/troubleshooting/security-reports.adoc @@ -19,6 +19,8 @@ The following sections provide information about Jetty security issues. +If you would like to report a security issue please follow these link:#security-reporting[instructions]. + .Resolved Issues [width="99%",cols="11%,19%,14%,9%,14%,14%,19%",options="header",] |=======================================================================
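Review bot: In the new contributing/security.adoc, the closing paragraph reads "as opposed through GitHub Issues since it has no facility to tag issues as _private_", which drops a "to" and leaves "it" without a clear referent; something like "rather than through GitHub Issues, which has no facility to tag issues as _private_" reads cleanly. The opening sentence also trails off on "available" ("There are a number of avenues ... to the Jetty project available") and could simply end at "project". On content, the page names _security@webtide.com_ as the preferred channel but does not say what a report should include or whether sensitive details can be sent encrypted, so a sentence on each would help a reporter. The file is also committed without a trailing newline.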
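Review bot: In troubleshooting/security-reports.adoc, the added line points at the new section with `link:#security-reporting[instructions]`, but the `[[security-reporting]]` anchor is defined in contributing/security.adoc, a different chapter, so a bare fragment link only works when both chapters are rendered into the same output page. An AsciiDoc cross reference, `<<security-reporting,instructions>>`, lets the toolchain resolve the target wherever it ends up. The sentence also wants a comma after "security issue".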