diff options
author | Andrew Gallant <jamslam@gmail.com> | 2021-05-29 09:53:18 -0400 |
---|---|---|
committer | Andrew Gallant <jamslam@gmail.com> | 2021-05-29 09:53:18 -0400 |
commit | 2e2af50a4df0bd424c3a06eabf42fa0ea0aad1bc (patch) | |
tree | dab70f4093994c2106a495d918277783e016a2d2 | |
parent | 229d1a8d41b0023420e7815578fa0b39c0d5c2e4 (diff) |
doc: add vulnerability report docs
Fixes #1773
-rw-r--r-- | CHANGELOG.md | 3 | ||||
-rw-r--r-- | README.md | 8 |
2 files changed, 11 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 8aa0d3d2..baaafa75 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,9 @@ Security fixes: Fixes a security hole on Windows where running ripgrep with either the `-z/--search-zip` or `--pre` flags can result in running arbitrary executables from the current directory. +* [VULN #1773](https://github.com/BurntSushi/ripgrep/issues/1773): + This is the public facing issue tracking CVE-2021-3013. ripgrep's README + now contains a section describing how to report a vulnerability. Feature enhancements: @@ -425,6 +425,14 @@ $ cargo test --all from the repository root. +### Vulnerability reporting + +For reporting a security vulnerability, please +[contact Andrew Gallant](https://blog.burntsushi.net/about/), +which has my email address and PGP public key if you wish to send an encrypted +message. + + ### Translations The following is a list of known translations of ripgrep's documentation. These |