From 68c58630deb0e1eb4413efd7087432115326eaf7 Mon Sep 17 00:00:00 2001 From: ahmedsobeh Date: Wed, 29 May 2024 12:34:04 +0200 Subject: [PATCH 1/5] adding security policy Signed-off-by: ahmedsobeh --- SECURITY.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..c3b18382 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,7 @@ +## Reporting a Vulnerability + +If you believe you've discovered a security vulnerability, please contact the Valkey team at security@lists.valkey.io. +Please *DO NOT* create an issue. +We follow a responsible disclosure procedure, so depending on the severity of the issue we may notify Valkey vendors about the issue before releasing it publicly. +If you would like to be added to our list of vendors, please reach out to the Valkey team at maintainers@lists.valkey.io. + From 53303ffed1e1fcfcd88cbd5e978f6e68de23c2a8 Mon Sep 17 00:00:00 2001 From: ahmedsobeh Date: Thu, 30 May 2024 09:19:46 +0100 Subject: [PATCH 2/5] updating contributing.md Signed-off-by: ahmedsobeh --- CONTRIBUTING.md | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0a82b3b4..7fa2f295 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -182,20 +182,7 @@ Please try at least versions of Docker. ### Security Vulnerabilities -**NOTE**: If you find a security vulnerability, do NOT open an issue. -Email [Salvatore Mesoraca ()](mailto:salvatore.mesoraca@aiven.io) instead. - -In order to determine whether you are dealing with a security issue, ask -yourself these two questions: - -- Can I access something that's not mine, or something I shouldn't - have access to? -- Can I disable something for other people? - -If the answer to either of those two questions are *yes*, then you're -probably dealing with a security issue. Note that even if you answer -*no* to both questions, you may still be dealing with a security -issue, so if you're unsure, just email [us](mailto:salvatore.mesoraca@aiven.io). +Reporting a vulnerability? See [SECURITY.md](https://github.com/valkey-io/valkey-py/blob/main/SECURITY.md). ### Everything Else From ab23003ad8f95fc2a3236732726f714f2bd123bf Mon Sep 17 00:00:00 2001 From: ahmedsobeh Date: Thu, 30 May 2024 23:29:04 +0100 Subject: [PATCH 3/5] updating contributing.md Signed-off-by: ahmedsobeh --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7fa2f295..7a6faf1a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -182,7 +182,7 @@ Please try at least versions of Docker. ### Security Vulnerabilities -Reporting a vulnerability? See [SECURITY.md](https://github.com/valkey-io/valkey-py/blob/main/SECURITY.md). +Reporting a vulnerability? See SECURITY.md. ### Everything Else From a74ab9574dc7daa58ddc518f5cf806ef01ec5d7e Mon Sep 17 00:00:00 2001 From: ahmedsobeh Date: Thu, 30 May 2024 23:38:49 +0100 Subject: [PATCH 4/5] updating contributing.md Signed-off-by: ahmedsobeh --- CONTRIBUTING.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7a6faf1a..939b3da1 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -180,9 +180,10 @@ Please try at least versions of Docker. ## How to Report a Bug + ### Security Vulnerabilities -Reporting a vulnerability? See SECURITY.md. +Reporting a vulnerability? See [SECURITY.md](https://github.com/valkey-io/valkey-py/blob/main/SECURITY.md). ### Everything Else From 78e1da05c03b3796b078f0b09abae5c454a1d2fb Mon Sep 17 00:00:00 2001 From: ahmedsobeh Date: Thu, 30 May 2024 23:40:16 +0100 Subject: [PATCH 5/5] updating contributing.md Signed-off-by: ahmedsobeh --- .github/wordlist.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/wordlist.txt b/.github/wordlist.txt index 7035f7ea..2b4b87de 100644 --- a/.github/wordlist.txt +++ b/.github/wordlist.txt @@ -158,3 +158,4 @@ valkey valkeymodules virtualenv www +md
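Review bot: In PATCH 1/5, the SECURITY.md sentence "we may notify Valkey vendors about the issue before releasing it publicly" leaves "it" ambiguous between the fix and the vulnerability details. Suggest wording such as "before disclosing it publicly". The file gives the reporting address but does not say what a report should contain or when the reporter can expect a reply, so a line on each would help. The final added line is an empty "+" line at the end of the file and can be dropped.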
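Review bot: In PATCH 2/5, the CONTRIBUTING.md hunk at -182,20 deletes the two-question test for recognising a security issue ("Can I access something that's not mine, or something I shouldn't have access to?" and "Can I disable something for other people?"), and the SECURITY.md added in 1/5 does not carry it over, so that guidance is lost. Consider moving it into SECURITY.md. The replacement link is an absolute URL to blob/main, so it does not resolve until SECURITY.md is on main, and from a fork or release branch it always points at upstream main. Since both files sit at the repository root, a relative link, [SECURITY.md](SECURITY.md), avoids both problems.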
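Review bot: In PATCH 3/5, the changed line replaces the link with plain text "See SECURITY.md.", and PATCH 4/5 then restores the same absolute URL that 2/5 introduced, so the two commits cancel each other out. Squash 3/5 and 4/5 into 2/5 so the history records a single decision on how CONTRIBUTING.md points at the policy.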
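Review bot: In PATCH 4/5, the hunk at -180,9 adds a blank line after "## How to Report a Bug" in the same commit that restores the link, and the commit message "updating contributing.md" mentions neither change. Either drop the whitespace change or name both changes in the message. The same subject line is reused for 2/5, 3/5 and 4/5, which makes the series hard to tell apart in a log.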
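Review bot: In PATCH 5/5, the subject says "updating contributing.md" but the only file touched is .github/wordlist.txt, so the message should describe the wordlist change. The new entry "md" is appended after "www", while the visible context lines (valkey, valkeymodules, virtualenv, www) are in alphabetical order. Insert it at its sorted position instead of at the end of the file.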