add security.txt and /contact#help-security
parent
e3584ba868
commit
16acd4ff31
|
@ -196,6 +196,29 @@ object contact {
|
|||
p("If you faced an error page, you may report it:"),
|
||||
howToReportBugs
|
||||
)),
|
||||
Leaf("security", "Security vulnerability", frag(
|
||||
p(s"Please report security issues to $contactEmail."),
|
||||
p(
|
||||
"Like all contributions to Lichess, security reviews and pentesting are appreciated. ",
|
||||
"Note that Lichess is built by volunteers and we currently do not have a bug bounty program. ",
|
||||
"At your option, we're happy to publicly thank you for any findings."
|
||||
),
|
||||
p(
|
||||
"Vulnerabilities are relevant even when they are not directly exploitable, ",
|
||||
"for example XSS mitigated by CSP."
|
||||
),
|
||||
p(
|
||||
"When doing your research, please minimize negative impact for other users. ",
|
||||
"As long as you keep this in mind, testing should not require prior coordination. ",
|
||||
"Avoid spamming, DDoS and volumetric attacks."
|
||||
),
|
||||
p(
|
||||
"We believe transport encryption should be sufficient for all reports. ",
|
||||
"If you insist on using PGP, please clarify the nature of the message ",
|
||||
"in the plain-text subject and encrypt for ",
|
||||
a(href := "/.well-known/gpg.asc")("multiple recipients"), "."
|
||||
)
|
||||
)),
|
||||
Leaf("other-bug", "Other bug", frag(
|
||||
p("If you found a new bug, you may report it:"),
|
||||
howToReportBugs
|
||||
|
|
|
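Review bot: The PGP paragraph at the end of the new `security` leaf asks reporters to "clarify the nature of the message" in the plain-text subject, but the subject line is not covered by PGP encryption. The wording should ask only for a generic label and keep details in the encrypted body, e.g. `"If you insist on using PGP, please mark the message as a security report "` followed by `"in the plain-text subject (no vulnerability details) and encrypt for "`. The leaf id `"security"` also appears to be what the `#help-security` anchor in the commit title depends on, though the anchor derivation is not visible in this hunk. A comment above the `Leaf` such as `// linked from security.txt as /contact#help-security; keep this id stable` would protect that link. `object contact` starts and ends outside the hunk.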
@ -0,0 +1,5 @@
|
|||
Contact: mailto:contact@lichess.org
|
||||
Encryption: https://lichess.org/.well-known/gpg.asc
|
||||
Preferred-Languages: en
|
||||
Canonical: https://lichess.org/.well-known/security.txt
|
||||
Policy: http://localhost/contact#help-security
|
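Review bot: The `Policy` line points at `http://localhost/contact#help-security`, which an external reporter cannot resolve and which is plain HTTP. It should use the production origin, as the `Canonical` and `Encryption` lines do: `Policy: https://lichess.org/contact#help-security`. The file also has no `Expires` field, which RFC 9116 makes mandatory. A line such as `Expires: <ISO 8601 timestamp chosen by the maintainers>` is worth adding, along with a process for refreshing it before it lapses.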