Typo's and tweaks.

bolt · Aug 8, 2018 · f8dcb88 · f8dcb88
1 parent 5182cbd
commit f8dcb88
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 12 deletions.
diff --git a/.github/ISSUE_TEMPLATE/1_Bug.md b/.github/ISSUE_TEMPLATE/1_Bug.md
@@ -19,14 +19,14 @@ See: https://github.com/bolt/bolt/blob/master/.github/CONTRIBUTING.md
 Details
 -------
 
-|    Q        |   A
-|--------------- | ------
+| Question                      | Answer
+|----------------- | ------
 | Relevant Bolt Version | legacy / 3.5 / 3.6 / master
-| Install type          |  Zip or tar install / Composer install / GitHub checkout
-| BC Break              | yes/no
-| PHP version           | 5.5 / 5.6 / 7.0 / 7.1 / 7.2
-| Web server            | Apache / Nginx / Built-in, version [ version ]
-| For UX/UI issues      | Browser name and version
+| Install type                   |  Zip or tar install / Composer install / GitHub checkout
+| BC Break                     | yes/no
+| PHP version                 | 5.5 / 5.6 / 7.0 / 7.1 / 7.2
+| Web server                  | Apache / Nginx / Built-in, version [ version ]
+| For UX/UI issues        | Browser name and version
 
 
 Reproduction

diff --git a/.github/ISSUE_TEMPLATE/5_Theme_issue.md b/.github/ISSUE_TEMPLATE/5_Theme_issue.md
@@ -1,6 +1,6 @@
 ---
 name: 🖼 Base-2018 / Skeleton Theme Issue
-about: See https://github.com/bolt/themes/issues for documentation issues
+about: See https://github.com/bolt/themes/issues for theme issues
 ---
 
 The Bolt themes have their own dedicated repository. Please open your

diff --git a/.github/ISSUE_TEMPLATE/6_Security_issue.md b/.github/ISSUE_TEMPLATE/6_Security_issue.md
@@ -1,12 +1,30 @@
 ---
-name: 🔐 Support Question
-about: Having trouble with Bolt? -> http://bolt.cm/community.
+name: 🔐 Security Issue
+about: Discovered a Security Issue in Bolt?
 ---
 
 ⚠️ PLEASE DON'T DISCLOSE SECURITY-RELATED ISSUES PUBLICLY, SEE BELOW.
 
 If you have found a security issue in Bolt, please send the details to
-security@bolt.cm and don't disclose it publicly until we can provide a
-fix for it.
+security@bolt.cm and don't disclose it publicly until we can provide a fix for
+it. If you wish, we'll credit you for finding verified issues, when we release
+the patched version.
+
+A note on "Self XSS"
+--------------------
+
+Bolt is a CMS, that allows users to edit content on a website. As such,
+all _authenticated users_ can:
+
+ - Edit content, and (depending on the field types) insert HTML and CSS in that
+   content, with a variety of allowed attributes.
+ - Depending on the user level: Edit template files, and insert HTML, CSS and
+   javascript in those.
+ - Upload files to the site, which will become publicly available. In the
+   default settings, this includes `.PDF` and `.SVG` files.
+
+We see these functionalities as _features_, and not as security issues. Please
+report the mentioned items only if they can be performed by non-authorized
+users, or other exploitable vulnerabilities.
 
 Thanks!