docs: update route and doc for security reports/reporting

This commit is contained in:
litebito 2026-05-13 20:06:04 +02:00
parent 05a904b17c
commit 76a1cdf7c5
2 changed files with 2 additions and 74 deletions

View file

@ -6,6 +6,6 @@ contact_links:
- name: Subsonic API Compatibility
url: https://www.subsonic.org/pages/api.jsp
about: Reference documentation for the Subsonic REST API that Airsonic-Pulse implements.
- name: Security Vulnerabilities (Critical)
- name: Security Vulnerabilities
url: https://github.com/litebito/airsonic-pulse/security/advisories/new
about: Report critical or exploitable security vulnerabilities privately via GitHub Security Advisories — do not open a public issue.
about: All security vulnerabilities must be reported privately via GitHub Security Advisories. Do not open a public issue.

View file

@ -1,72 +0,0 @@
name: Security Vulnerability
description: Report a security vulnerability in Airsonic-Pulse
title: "[Security]: "
labels: ["security", "triage"]
body:
- type: markdown
attributes:
value: |
## Before submitting
**If this vulnerability is critical or could be exploited in the wild, please do not open a public issue.**
Report it privately via [GitHub Security Advisories](https://github.com/litebito/airsonic-pulse/security/advisories/new) instead.
Use this template only for lower-severity issues that are safe to disclose publicly.
- type: dropdown
id: severity
attributes:
label: Severity
description: Your assessment of the severity of this vulnerability.
options:
- "Low — informational, minimal impact"
- "Medium — limited impact, requires specific conditions"
- "High — significant impact, exploitable in common configurations"
- "Critical — please use GitHub Security Advisories instead"
validations:
required: true
- type: input
id: affected-versions
attributes:
label: Affected Versions
description: Which versions of Airsonic-Pulse are affected?
placeholder: "e.g. 11.0.0 12.0.0"
validations:
required: true
- type: textarea
id: description
attributes:
label: Vulnerability Description
description: Describe the vulnerability and what an attacker could achieve by exploiting it.
validations:
required: true
- type: textarea
id: reproduction
attributes:
label: Steps to Reproduce
description: Provide minimal steps to reproduce the vulnerability.
placeholder: |
1.
2.
3.
validations:
required: true
- type: textarea
id: impact
attributes:
label: Impact
description: What data, functionality, or users could be affected?
validations:
required: true
- type: textarea
id: mitigation
attributes:
label: Suggested Mitigation
description: If you have a suggested fix or workaround, describe it here.
validations:
required: false