diff options
author | Douwe Maan <douwe@gitlab.com> | 2015-11-17 15:40:54 +0100 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2015-11-17 15:40:54 +0100 |
commit | e849b51cae8956c9d4eebe9c42804443a55edb83 (patch) | |
tree | 69d96404ed3d9fb6f10d59334cffce4c4cf62725 /doc/release/security.md | |
parent | 56ea71a3b19396b01b3b8495337fbf22c534524f (diff) | |
parent | 1c040b3f0a3ecb18fc8fdea3cf99b70edad8d873 (diff) | |
download | gitlab-ce-e849b51cae8956c9d4eebe9c42804443a55edb83.tar.gz |
Merge branch 'master' into james11/gitlab-ce-removable-group-owner
Diffstat (limited to 'doc/release/security.md')
-rw-r--r-- | doc/release/security.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/release/security.md b/doc/release/security.md index 60bcfbb6da5..b1a62b333e6 100644 --- a/doc/release/security.md +++ b/doc/release/security.md @@ -8,7 +8,7 @@ Do a security release when there is a critical issue that needs to be addresses ## Security vulnerability disclosure -Please report suspected security vulnerabilities in private to <support@gitlab.com>, also see the [disclosure section on the GitLab.com website](http://about.gitlab.com/disclosure/). Please do NOT create publicly viewable issues for suspected security vulnerabilities. +Please report suspected security vulnerabilities in private to <support@gitlab.com>, also see the [disclosure section on the GitLab.com website](https://about.gitlab.com/disclosure/). Please do NOT create publicly viewable issues for suspected security vulnerabilities. ## Release Procedure @@ -25,7 +25,7 @@ Please report suspected security vulnerabilities in private to <support@gitlab.c 1. Send tweets about the release from `@gitlabhq` 1. Send out an email to [the community google mailing list](https://groups.google.com/forum/#!forum/gitlabhq) 1. Post a signed copy of our complete announcement to [oss-security](http://www.openwall.com/lists/oss-security/) and request a CVE number. CVE is only needed for bugs that allow someone to own the server (Remote Code Execution) or access to code of projects they are not a member of. -1. Add the security researcher to the [Security Researcher Acknowledgments list](http://about.gitlab.com/vulnerability-acknowledgements/) +1. Add the security researcher to the [Security Researcher Acknowledgments list](https://about.gitlab.com/vulnerability-acknowledgements/) 1. Thank the security researcher in an email for their cooperation 1. Update the blog post and the CHANGELOG when we receive the CVE number |