From ac9026f4d451119e9f26eeabad844e218d4b6ecb Mon Sep 17 00:00:00 2001 From: Arko Dasgupta Date: Tue, 28 Jan 2025 11:04:44 -0800 Subject: [PATCH] chore: link SECURITY.md (#5168) Signed-off-by: Arko Dasgupta --- .github/ISSUE_TEMPLATE/config.yml | 4 ---- .github/ISSUE_TEMPLATE/non--crash-security--bug.md | 3 +-- README.md | 4 ++++ 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index e15c5a08f65..3ba13e0cec6 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,5 +1 @@ blank_issues_enabled: false -contact_links: -- name: "Crash bug" - url: https://github.com/envoyproxy/envoy/security/policy - about: "Please file any crash bug with envoy-security@googlegroups.com." diff --git a/.github/ISSUE_TEMPLATE/non--crash-security--bug.md b/.github/ISSUE_TEMPLATE/non--crash-security--bug.md index 87489f3b47f..d88df9c88db 100644 --- a/.github/ISSUE_TEMPLATE/non--crash-security--bug.md +++ b/.github/ISSUE_TEMPLATE/non--crash-security--bug.md @@ -9,8 +9,7 @@ assignees: '' *Description*: >What issue is being seen? Describe what should be happening instead of -the bug, for example: Envoy should not crash, the expected value isn't -returned, etc. +the bug, for example: The expected value isn't returned, etc. *Repro steps*: > Include sample requests, environment, etc. All data and inputs diff --git a/README.md b/README.md index d6ada96af70..344b54dd5a2 100644 --- a/README.md +++ b/README.md 
@@ -31,6 +31,10 @@ Kubernetes-based application gateway. * [Contributing guide](https://gateway.envoyproxy.io/contributions/contributing/) * [Developer guide](https://gateway.envoyproxy.io/contributions/develop/) +## Security Reporting + +If youve found a security vulnerability or a process crash, please follow the instructions in [SECURITY.md](./SECURITY.md) to submit a report. + ## Community Meeting The Envoy Gateway team meets every Tuesday and Thursday. We also have a separate meeting to be held in the
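Review bot: In .github/ISSUE_TEMPLATE/config.yml, dropping the whole contact_links block leaves the issue chooser with no pointer to private reporting, while blank_issues_enabled: false keeps reporters on the templates, one of which is the security-bug template. The removed entry linked to the envoyproxy/envoy policy, so replacing it makes sense, but consider keeping a contact_links entry whose url points at this repository's SECURITY.md, so that someone who starts from "New issue" sees the private channel before filing in the open.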
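Review bot: In .github/ISSUE_TEMPLATE/non--crash-security--bug.md, the Description prompt loses the "Envoy should not crash" example, but nothing in the visible template text tells a reporter that a crash belongs in the SECURITY.md process rather than in this form. Add a sentence to the prompt that sends crash and vulnerability reports to SECURITY.md, so the template and the new README section give the same instruction.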
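Review bot: In the README.md hunk, the added sentence reads "If youve found", which is missing the apostrophe; it should be "If you've found". Also confirm that ./SECURITY.md exists at the repository root: the diffstat lists only three files and SECURITY.md is not among them, so the new link relies on the file already being present.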