src/docs/user/reporting_security.diviner
@title Reporting Security Vulnerabilities | @title Reporting Security Vulnerabilities | ||||
@group intro | @group intro | ||||
Describes how to report security vulnerabilities in Phabricator. | Describes how to report security vulnerabilities in Phorge. | ||||
Overview | Overview | ||||
======== | ======== | ||||
Phabricator runs a disclosure and award program through | Phorge accepts bug reports on the upstream install. Please use the | ||||
[[ https://www.hackerone.com/ | HackerOne ]]. This program is the best way to | [[https://we.phorge.it/maniphest/task/edit/form/1/ | security reporting form]] | ||||
submit security issues to us, and awards responsible disclosure of | to report security vulnerabilities. | ||||
vulnerabilities with cash bounties. You can find our project page | |||||
here: | |||||
(NOTE) https://hackerone.com/phabricator | If you aren't sure if something qualifies, you can submit the issue as a normal | ||||
bug report. For instructions, see @{article:Contributing Bug Reports}. | |||||
The project page has detailed information about the scope of the program and | General information about security changes is reported in the | ||||
how to participate. | [[ https://we.phorge.it/w/changelog/ | Changelog ]]. | ||||
We have a 24 hour response timeline, and are usually able to respond to (and, | |||||
very often, fix) issues more quickly than that. | |||||
Other Channels | |||||
============== | |||||
If you aren't sure if something qualifies or don't want to report via | |||||
HackerOne, you can submit the issue as a normal bug report. For instructions, | |||||
see @{article:Contributing Bug Reports}. | |||||
Get Updated | |||||
=========== | |||||
General information about security changes is reported weekly in the | |||||
[[ https://secure.phabricator.com/w/changelog/ | Changelog ]]. |
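Review bot: In the new Overview text, the paragraph that links the security reporting form (`https://we.phorge.it/maniphest/task/edit/form/1/`) does not say who can see a report filed through it, and the following sentence sends anyone unsure whether an issue qualifies to a normal bug report. A reporter cannot tell from this page whether vulnerability details will be visible to other users before a fix lands, so state the visibility of reports filed through the form and recommend the form as the default when in doubt. The old text's response commitment ("We have a 24 hour response timeline") is removed with nothing in its place; if no timeline is promised, say how a reporter can expect to be acknowledged. Style: the new link is written `[[https://we.phorge.it/...` without the space after `[[` that the Changelog link in the same column uses.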
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0