ReportingVulnerabilities

Pierre Tardy edited this page Jan 10, 2018 · 1 revision

If you have discovered a security vulnerability in Buildbot, please be careful in how you disclose it, as the security of many significant projects depends on Buildbot.

Here is what we recommend:

  1. Email the maintainers (botherders@buildbot.net) directly, explaining the vulnerability in detail and any recommended fixes. If you have a full-disclosure deadline, please state it clearly.
  2. Maintainers will reply as soon as possible to indicate that your email was received, and will correspond with you as the issue is fixed. They may copy other committers who can help solve the problem.
  3. Once a fix is ready, maintainers or another committer will take care of making patch releases for affected versions, committing the fixes, and posting an announcement to the mailing list. Unless you ask to remain anonymous, you will be credited with discovery of the vulnerability.