add security.txt and /contact#help-security
parent
e3584ba868
commit
16acd4ff31
|
@ -196,6 +196,29 @@ object contact {
|
||||||
p("If you faced an error page, you may report it:"),
|
p("If you faced an error page, you may report it:"),
|
||||||
howToReportBugs
|
howToReportBugs
|
||||||
)),
|
)),
|
||||||
|
Leaf("security", "Security vulnerability", frag(
|
||||||
|
p(s"Please report security issues to $contactEmail."),
|
||||||
|
p(
|
||||||
|
"Like all contributions to Lichess, security reviews and pentesting are appreciated. ",
|
||||||
|
"Note that Lichess is built by volunteers and we currently do not have a bug bounty program. ",
|
||||||
|
"At your option, we're happy to publicly thank you for any findings."
|
||||||
|
),
|
||||||
|
p(
|
||||||
|
"Vulnerabilities are relevant even when they are not directly exploitable, ",
|
||||||
|
"for example XSS mitigated by CSP."
|
||||||
|
),
|
||||||
|
p(
|
||||||
|
"When doing your research, please minimize negative impact for other users. ",
|
||||||
|
"As long as you keep this in mind, testing should not require prior coordination. ",
|
||||||
|
"Avoid spamming, DDoS and volumetric attacks."
|
||||||
|
),
|
||||||
|
p(
|
||||||
|
"We believe transport encryption should be sufficient for all reports. ",
|
||||||
|
"If you insist on using PGP, please clarify the nature of the message ",
|
||||||
|
"in the plain-text subject and encrypt for ",
|
||||||
|
a(href := "/.well-known/gpg.asc")("multiple recipients"), "."
|
||||||
|
)
|
||||||
|
)),
|
||||||
Leaf("other-bug", "Other bug", frag(
|
Leaf("other-bug", "Other bug", frag(
|
||||||
p("If you found a new bug, you may report it:"),
|
p("If you found a new bug, you may report it:"),
|
||||||
howToReportBugs
|
howToReportBugs
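Review bot: The id in `Leaf("security", "Security vulnerability", ...)` is now an externally published anchor, since the security.txt added in this commit points its `Policy:` field at `/contact#help-security`, but nothing at the Leaf records that. The `help-` prefix is presumably applied where the menu is rendered, outside this hunk, so a later rename of the id would silently break the policy link that researchers follow. I would add a comment above the Leaf such as `// id is linked from /.well-known/security.txt (Policy: /contact#help-security); keep both in sync`. It is also worth confirming that `$contactEmail` resolves to the same address that security.txt hard-codes in `Contact:`, so the two disclosure channels cannot drift apart. The enclosing `object contact` starts and ends outside the hunk.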
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
Contact: mailto:contact@lichess.org
|
||||||
|
Encryption: https://lichess.org/.well-known/gpg.asc
|
||||||
|
Preferred-Languages: en
|
||||||
|
Canonical: https://lichess.org/.well-known/security.txt
|
||||||
|
Policy: http://localhost/contact#help-security
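Review bot: The `Policy:` line publishes `http://localhost/contact#help-security`, which looks like a development base URL left in the file. External researchers cannot reach it, and the security.txt specification (RFC 9116) expects web URIs to use https. It should read `Policy: https://lichess.org/contact#help-security`, matching the host already used in the `Encryption:` and `Canonical:` lines. The file also has no `Expires:` field, which RFC 9116 requires; if the file is meant to conform to the final specification, add one and keep its date maintained.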
|