Commit 0a87317

jkbrzt authored and isidentical committed
Tweak SECURITY and add a Security policy section to docs
1 parent 614866e commit 0a87317

2 files changed: +17 -9 lines changed

SECURITY.md

Lines changed: 11 additions & 7 deletions
@@ -1,10 +1,14 @@
1-
# Security Policy
1+
# Security policy
22

3-
## Reporting a Vulnerability
3+
## Reporting a vulnerability
44

5-
To report a vulnerability, please send an email to `[email protected]` describing the:
5+
When you identify a vulnerability in HTTPie, please report it privately using one of the following channels:
66

7-
- The description of the vulnerability itself
8-
- A short reproducer to verify it (you can submit a small HTTP server, a shell script, a docker image etc.)
9-
- The severity level classification (`LOW`/`MEDIUM`/`HIGH`/`CRITICAL`)
10-
- If associated with any, the [CWE](https://cwe.mitre.org/) ID.
7+
- Email to [`[email protected]`](mailto:[email protected])
8+
- Report on [huntr.dev](https://huntr.dev/)
9+
10+
In addition to the description of the vulnerability, please include also:
11+
12+
- A short reproducer to verify it (it can be a small HTTP server, shell script, docker image, etc.)
13+
- Your deemed severity level of the vulnerability (`LOW`/`MEDIUM`/`HIGH`/`CRITICAL`)
14+
- [CWE](https://cwe.mitre.org/) ID, if available.
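
Review bot: The huntr.dev entry on new line 8 links to the site root (`https://huntr.dev/`), so a reporter still has to work out where HTTPie is listed there; link to the project's own reporting page, or add a short instruction on how to find it. On new line 10, "please include also" reads better as "please also include", and "Your deemed severity level" on new line 13 could be "Your assessment of the severity level". The reworked section also says nothing about what a reporter should expect after submitting (acknowledgement, disclosure timeline); a sentence on that would fit here since the two channels are now listed side by side.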

docs/README.md

Lines changed: 6 additions & 2 deletions
@@ -2252,7 +2252,7 @@ $ http --session=./session.json pie.dev/headers Cookie:foo=bar
22522252
22532253
In summary:
22542254
2255-
- Cookies set via the CLI overwrite cookies of the same name inside session files.
2255+
- Cookies set via the CLI overwrite cookies of the same name inside session files.
22562256
- Server-sent `Set-Cookie` header cookies overwrite any pre-existing ones with the same name.
22572257
22582258
Cookie expiration handling:
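
Review bot: Line 2255 is removed and re-added with the same visible text, so this looks like a whitespace-only change that the commit subject ("Tweak SECURITY and add a Security policy section to docs") does not mention. Mention the whitespace cleanup in the commit message or move it to a separate commit, so the security-policy change stays easy to audit in history.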
@@ -2293,7 +2293,7 @@ Upgraded 'session.json' @ 'pie.dev' to v3.1.0
22932293
These flags are available for both `sessions upgrade` and `sessions upgrade-all`:
22942294
22952295
------------------|------------------------------------------
2296-
`--bind-cookies` | Bind all previously [unbound cookies](#host-based-cookie-policy) to the session’s host.
2296+
`--bind-cookies` | Bind all previously [unbound cookies](#host-based-cookie-policy) to the session’s host.
22972297
22982298
## Config
22992299
@@ -2532,6 +2532,10 @@ Helpers to convert from other client tools:
25322532
25332533
See [CONTRIBUTING](https://github.com/httpie/httpie/blob/master/CONTRIBUTING.md).
25342534
2535+
### Security policy
2536+
2537+
See [github.com/httpie/httpie/security/policy](https://github.com/httpie/httpie/security/policy).
2538+
25352539
### Change log
25362540
25372541
See [CHANGELOG](https://github.com/httpie/httpie/blob/master/CHANGELOG.md).
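
Review bot: The new link on line 2537 uses the URL itself as its link text, while the neighbouring sections use the file name (`See [CONTRIBUTING](...)`, `See [CHANGELOG](...)`); for consistency consider `See [SECURITY](https://github.com/httpie/httpie/security/policy)`. The section also gives a reader of the docs no hint that reports should be made privately; a one-line summary before the link (for example, "Please report vulnerabilities privately") would keep someone from opening a public issue before they follow the link.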
