Differential D25007 Diff 23 src/docs/user/reporting_security.diviner

Changeset View

Standalone View

src/docs/user/reporting_security.diviner

	@title Reporting Security Vulnerabilities			@title Reporting Security Vulnerabilities
	@group intro			@group intro

	Describes how to report security vulnerabilities in Phabricator.			Describes how to report security vulnerabilities in Phorge.

	Overview			Overview
	========			========

	Phabricator runs a disclosure and award program through			Phorge accepts bug reports on the upstream install. Please use the
	[[ https://www.hackerone.com/ \| HackerOne ]]. This program is the best way to			[[https://we.phorge.it/maniphest/task/edit/form/1/ \| security reporting form]]
	submit security issues to us, and awards responsible disclosure of			to report security vulnerabilities.
	vulnerabilities with cash bounties. You can find our project page
	here:

	(NOTE) https://hackerone.com/phabricator			If you aren't sure if something qualifies, you can submit the issue as a normal
				bug report. For instructions, see @{article:Contributing Bug Reports}.

	The project page has detailed information about the scope of the program and			General information about security changes is reported in the
	how to participate.			[[ https://we.phorge.it/w/changelog/ \| Changelog ]].

	We have a 24 hour response timeline, and are usually able to respond to (and,
	very often, fix) issues more quickly than that.


	Other Channels
	==============

	If you aren't sure if something qualifies or don't want to report via
	HackerOne, you can submit the issue as a normal bug report. For instructions,
	see @{article:Contributing Bug Reports}.


	Get Updated
	===========

	General information about security changes is reported weekly in the
	[[ https://secure.phabricator.com/w/changelog/ \| Changelog ]].