
gitlab.com/gitlab-org/gitlab-foss.git
author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-03-10 03:38:42 +0300
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-03-10 03:38:42 +0300
commit: ddd381c9a51b3408cf303283c466c7f70baf7e6a
tree: 1097032b63e58a089873c1ed6745179ab543f62b /doc/release
parent: 2a76c7fd8a94f40575ac16f42c29ec55c38bad0a

Add criteria for requesting CVE

Diffstat (limited to 'doc/release')
-rw-r--r-- doc/release/security.md 2
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/release/security.md b/doc/release/security.md
index b67e0f37a04..1575fcf2708 100644
--- a/doc/release/security.md
+++ b/doc/release/security.md
@@ -22,7 +22,7 @@ Please report suspected security vulnerabilities in private to <support@gitlab.c
1. Merge and publish the blog posts
1. Send tweets about the release from `@gitlabhq`
1. Send out an email to [the community google mailing list](https://groups.google.com/forum/#!forum/gitlabhq)
-1. Post a signed copy of our complete announcement to [oss-security](http://www.openwall.com/lists/oss-security/) and request a CVE number
+1. Post a signed copy of our complete announcement to [oss-security](http://www.openwall.com/lists/oss-security/) and request a CVE number. CVE is only needed for bugs that allow someone to own the server (Remote Code Execution) or access to code of projects they are not a member of.
1. Add the security researcher to the [Security Researcher Acknowledgments list](http://about.gitlab.com/vulnerability-acknowledgements/)
1. Thank the security researcher in an email for their cooperation
1. Update the blog post and the CHANGELOG when we receive the CVE number
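Review bot: In the added sentence on the oss-security step, the CVE criteria are appended to a step that still reads as an unconditional "request a CVE number", so it is unclear whether the oss-security post itself is also skipped when the bug does not meet the criteria. Suggest splitting this into two steps: keep posting the signed announcement as one step, and make the CVE request its own conditional step, for example "Request a CVE number if the bug allows remote code execution or gives access to the code of projects the user is not a member of". The phrase "allow someone to own the server ... or access to code" is not parallel and should be reworded along those lines. The final step ("Update the blog post and the CHANGELOG when we receive the CVE number") is still unconditional and should gain "if one was requested" so the list stays consistent with the new criteria.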