mirror of
https://github.com/Airsonic-Pulse/airsonic-pulse.git
synced 2026-07-09 21:18:27 +00:00
docs: update route and doc for security reports/reporting
This commit is contained in:
parent
05a904b17c
commit
76a1cdf7c5
2 changed files with 2 additions and 74 deletions
4
.github/ISSUE_TEMPLATE/config.yml
vendored
4
.github/ISSUE_TEMPLATE/config.yml
vendored
|
|
@ -6,6 +6,6 @@ contact_links:
|
|||
- name: Subsonic API Compatibility
|
||||
url: https://www.subsonic.org/pages/api.jsp
|
||||
about: Reference documentation for the Subsonic REST API that Airsonic-Pulse implements.
|
||||
- name: Security Vulnerabilities (Critical)
|
||||
- name: Security Vulnerabilities
|
||||
url: https://github.com/litebito/airsonic-pulse/security/advisories/new
|
||||
about: Report critical or exploitable security vulnerabilities privately via GitHub Security Advisories — do not open a public issue.
|
||||
about: All security vulnerabilities must be reported privately via GitHub Security Advisories. Do not open a public issue.
|
||||
|
|
@ -1,72 +0,0 @@
|
|||
name: Security Vulnerability
|
||||
description: Report a security vulnerability in Airsonic-Pulse
|
||||
title: "[Security]: "
|
||||
labels: ["security", "triage"]
|
||||
body:
|
||||
- type: markdown
|
||||
attributes:
|
||||
value: |
|
||||
## Before submitting
|
||||
|
||||
**If this vulnerability is critical or could be exploited in the wild, please do not open a public issue.**
|
||||
Report it privately via [GitHub Security Advisories](https://github.com/litebito/airsonic-pulse/security/advisories/new) instead.
|
||||
|
||||
Use this template only for lower-severity issues that are safe to disclose publicly.
|
||||
|
||||
- type: dropdown
|
||||
id: severity
|
||||
attributes:
|
||||
label: Severity
|
||||
description: Your assessment of the severity of this vulnerability.
|
||||
options:
|
||||
- "Low — informational, minimal impact"
|
||||
- "Medium — limited impact, requires specific conditions"
|
||||
- "High — significant impact, exploitable in common configurations"
|
||||
- "Critical — please use GitHub Security Advisories instead"
|
||||
validations:
|
||||
required: true
|
||||
|
||||
- type: input
|
||||
id: affected-versions
|
||||
attributes:
|
||||
label: Affected Versions
|
||||
description: Which versions of Airsonic-Pulse are affected?
|
||||
placeholder: "e.g. 11.0.0 – 12.0.0"
|
||||
validations:
|
||||
required: true
|
||||
|
||||
- type: textarea
|
||||
id: description
|
||||
attributes:
|
||||
label: Vulnerability Description
|
||||
description: Describe the vulnerability and what an attacker could achieve by exploiting it.
|
||||
validations:
|
||||
required: true
|
||||
|
||||
- type: textarea
|
||||
id: reproduction
|
||||
attributes:
|
||||
label: Steps to Reproduce
|
||||
description: Provide minimal steps to reproduce the vulnerability.
|
||||
placeholder: |
|
||||
1.
|
||||
2.
|
||||
3.
|
||||
validations:
|
||||
required: true
|
||||
|
||||
- type: textarea
|
||||
id: impact
|
||||
attributes:
|
||||
label: Impact
|
||||
description: What data, functionality, or users could be affected?
|
||||
validations:
|
||||
required: true
|
||||
|
||||
- type: textarea
|
||||
id: mitigation
|
||||
attributes:
|
||||
label: Suggested Mitigation
|
||||
description: If you have a suggested fix or workaround, describe it here.
|
||||
validations:
|
||||
required: false
|
||||
Loading…
Add table
Add a link
Reference in a new issue