From 70930e08ec5f35da0224b4d9d18d6fe04f50c2bc Mon Sep 17 00:00:00 2001 From: Matt Palmer Date: Fri, 10 May 2024 18:30:11 +1000 Subject: [PATCH] Add security reporting contact This seems like the least painful option for security reporting management. --- README.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2efc8e57..e46ec958 100644 --- a/README.md +++ b/README.md @@ -76,7 +76,7 @@ To contribute to the project, begin by cloning the repo and installing the neces gem install json rack ruby-prof test-spec test-unit -To run the entire test suite, run +To run the entire test suite, run rake test @@ -84,7 +84,7 @@ To run a specific component's tests run specrb -Ilib:test -w test/spec_rack_thecomponent.rb -This works on ruby 1.8.7 but has problems under ruby 1.9.x. +This works on ruby 1.8.7 but has problems under ruby 1.9.x. TODO: instructions for 1.9.x and include bundler @@ -98,10 +98,16 @@ The criteria for middleware being included in this project are roughly as follow These criteria were introduced several years after the start of the project, so some of the included middleware may not meet all of them. In particular, several middleware have external dependencies. It is possible that in some future release of rack-contrib, middleware with external depencies will be removed from the project. When submitting code keep the above criteria in mind and also see the code -guidelines in CONTRIBUTING.md. +guidelines in CONTRIBUTING.md. ### Links * rack-contrib on GitHub:: * Rack:: * Rack On GitHub:: + + +### Security Reporting + +To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). +Tidelift will coordinate the fix and disclosure.
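Review bot: the three one-line changes in the hunks at `@@ -76,7`, `@@ -84,7` and the top of `@@ -98,10` ("To run the entire test suite, run", "This works on ruby 1.8.7 but has problems under ruby 1.9.x." and "guidelines in CONTRIBUTING.md.") read identically on the `-` and `+` sides, so they are whitespace-only edits that the subject "Add security reporting contact" does not cover. Suggest moving them to a separate cleanup commit, or mentioning the whitespace cleanup in the commit message, so the security-contact change stands alone in history and is easy to review and to backport.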
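Review bot: the new "### Security Reporting" section at the end of the `@@ -98,10 +98,16` hunk names the Tidelift contact but does not tell reporters to keep vulnerability details out of public issues and pull requests, which is the instruction a reporter most needs here. Suggest adding one sentence to that effect after "please use the [Tidelift security contact](https://tidelift.com/security)." Two smaller points in the same hunk: the heading is preceded by two added blank lines where one is enough, and the section sits after "### Links" at the very bottom of the README, so consider placing it above the links so it is easier to find.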