Opened 6 years ago
Closed 5 years ago
#4311 closed defect (bug) (fixed)
Forums: Add notice not to report vulnerabilities
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Component: | Support Forums | Keywords: | |
| Cc: | | | |
Description
Sometimes people report 0-days in the forums. Perhaps we should add a notice not to report those and direct people to the right places.
Core: https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/
Plugins: https://developer.wordpress.org/plugins/wordpress-org/plugin-security/reporting-plugin-security-issues/
Props to @benlk for the idea!
Change History (6)
#5
@
6 years ago
The notice is now live:
Reporting a security issue? Please read Reporting Security Vulnerabilities to do that safely.
I've linked to the Core handbook article, as it appears to be more comprehensive and covers plugins, WordPress.com, and self-hosted WordPress sites.
We should probably also add something to that effect to Forum Welcome, keeping the ticket open for that.
The current text on forum submit pages is this:
Suggested revisions:
This ticket results from the discussion in Slack's #meta at https://wordpress.slack.com/archives/C02QB8GMM/p1553200752319200