Information and link in README.md file related to Security issue reporting should be updated #22166

Closed
sdzhepa opened this issue Apr 4, 2019 · 6 comments
Labels
Component: Other Fixed in 2.3.x The issue has been fixed in 2.3 release line good first issue Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed Issue: Format is valid Gate 1 Passed. Automatic verification of issue format passed Issue: Ready for Work Gate 4. Acknowledged. Issue is added to backlog and ready for development Reproduced on 2.3.x The issue has been reproduced on latest 2.3 release

Comments

@sdzhepa
Contributor

sdzhepa commented Apr 4, 2019

Preconditions (*)

  1. The README on https://github.com/magento/magento2 still says to create Bugcrowd reports for security vulns. Since the program has been taken down, the link 404s.
  2. HackerOne is now in use for these purposes.

Steps to reproduce (*)

  1. Go to https://github.com/magento/magento2/blob/2.3-develop/README.md
  2. Scroll to "Reporting Security Issues" section

Expected result (*)

  1. Text and link should be updated and use "HackerOne" instead of "Bugcrowd"
    Example of Expected code/text
    ## Reporting Security Issues
    To report security vulnerabilities in Magento software or web sites, please create a HackerOne account [there](https://hackerone.com/magento) to submit and follow-up your issue. Learn more about reporting security issues [here](https://magento.com/security/reporting-magento-security-issue).

Actual result (*)

  1. Current text and link related to 'Bugcrowd researcher account there' lead to a 404 page
    Example of Actual code/text
    ## Reporting Security Issues
    To report security vulnerabilities in Magento software or web sites, please create a Bugcrowd researcher account [there](https://bugcrowd.com/magento) to submit and follow-up your issue. Learn more about reporting security issues [here](https://magento.com/security/reporting-magento-security-issue).
@m2-assistant

m2-assistant bot commented Apr 4, 2019

Hi @sdzhepa. Thank you for your report.
To help us process this issue please make sure that you provided the following information:

  • Summary of the issue
  • Information on your environment
  • Steps to reproduce
  • Expected and actual results

Please make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, please, add a comment to the issue:

@magento-engcom-team give me 2.3-develop instance - upcoming 2.3.x release

For more details, please, review the Magento Contributor Assistant documentation.

@sdzhepa do you confirm that you were able to reproduce the issue on a vanilla Magento instance following the steps to reproduce?

  • yes
  • no

@magento-engcom-team magento-engcom-team added the Issue: Format is valid Gate 1 Passed. Automatic verification of issue format passed label Apr 4, 2019
@sdzhepa sdzhepa added the Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed label Apr 4, 2019
@magento-engcom-team
Contributor

@sdzhepa Thank you for verifying the issue.

Unfortunately, not enough information was provided to acknowledge ticket. Please consider adding the following:

  • Add "Component: " label(s) to this ticket based on verification result. If uncertain, you may follow the best guess
  • Add "Reproduced on " label(s) to this ticket based on verification result

Once all required information is added, please add label "Issue: Confirmed" again.
Thanks!

@magento-engcom-team magento-engcom-team removed the Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed label Apr 4, 2019
@sdzhepa sdzhepa added good first issue Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed labels Apr 4, 2019
@magento-engcom-team magento-engcom-team removed the Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed label Apr 4, 2019
@magento-engcom-team
Contributor

@sdzhepa Thank you for verifying the issue.

Unfortunately, not enough information was provided to acknowledge ticket. Please consider adding the following:

  • Add "Component: " label(s) to this ticket based on verification result. If uncertain, you may follow the best guess
  • Add "Reproduced on " label(s) to this ticket based on verification result

Once all required information is added, please add label "Issue: Confirmed" again.
Thanks!

@sdzhepa sdzhepa added Reproduced on 2.3.x The issue has been reproduced on latest 2.3 release Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed labels Apr 4, 2019
@magento-engcom-team
Contributor

@sdzhepa Thank you for verifying the issue.

Unfortunately, not enough information was provided to acknowledge ticket. Please consider adding the following:

  • Add "Component: " label(s) to this ticket based on verification result. If uncertain, you may follow the best guess

Once all required information is added, please add label "Issue: Confirmed" again.
Thanks!

@magento-engcom-team magento-engcom-team removed the Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed label Apr 4, 2019
@sdzhepa sdzhepa added Component: Other Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed labels Apr 4, 2019
@magento-engcom-team magento-engcom-team added the Issue: Ready for Work Gate 4. Acknowledged. Issue is added to backlog and ready for development label Apr 4, 2019
@magento-engcom-team
Contributor

✅ Confirmed by @sdzhepa
Thank you for verifying the issue. Based on the provided information internal tickets MAGETWO-99059 were created

Issue Available: @sdzhepa, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.

@magento-engcom-team
Contributor

Hi @sdzhepa. Thank you for your report.
The issue has been fixed in #22195 by @mautz-et-tong in 2.3-develop branch
Related commit(s):

The fix will be available with the upcoming 2.3.2 release.

@magento-engcom-team magento-engcom-team added the Fixed in 2.3.x The issue has been fixed in 2.3 release line label Apr 15, 2019