Hi PSC and devs!
I have enabled GitHub's feature to add a 'report a vulnerability'
button, for the MapServer repo, when a user clicks on the "Security"
link in the header (see screen capture at
https://github.com/MapServer/MapServer/pull/7298 ). The filed report
should only be visible to PSC members and the reporter. It also allows
us to "triage" the reports etc. (we can of course improve this process
when we see it in action)
docs about this feature:
https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability
Thanks,
-jeff
--
Jeff McKenna
GatewayGeo: Developers of MS4W, & offering MapServer Consulting/Dev
co-founder of FOSS4G
http://gatewaygeo.com/
_______________________________________________
MapServer-dev mailing list
MapServer-dev@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/mapserver-dev
