Link to security policy from blog post is 404ing

[u269c]

URL:

https://nodejs.org/en/blog/vulnerability/august-2023-security-releases

Browser Name:

Arc

Browser Version:

1.1.1

Operating System:

Mac OS Ventura 13.4.1

How to reproduce the issue:

The Node.js blogpost about the upcoming security release (authored by Rafael Gonzaga)

• https://nodejs.org/en/blog/vulnerability/august-2023-security-releases

The bottom link to the security policy is 404-ing, you probably want https://nodejs.org/en/docs/guides/security or straight up to the GH security.md?

I have not verified other blog posts.

[bmuenzenmeyer]

I have not verified other blog posts.

I used archive.org to see what the previous content looks like

https://web.archive.org/web/20210424084328/https://nodejs.org/en/security/

It seems to match what is in https://github.com/nodejs/node/blob/main/SECURITY.md - but some of the previous blog posts have the same output.

So to me the resolution is introducing a new redirect for the same similar to this one 9f67d43#diff-d9eafd123ac764afabc33ffcd1ee502a081b3342ee5f739f0fb9ef8e8d1764c1R26-R30.

[ovflowd]

Well we do have a https://nodejs.org/en/docs/guides/security which I have no idea how outdated it is.

But yes, I would rather update the blogpost to redirect to /en/about/secuity (https://github.com/nodejs/nodejs.org/blob/main/next.rewrites.mjs#L61-L64) which in the end goes to https://github.com/nodejs/node/blob/HEAD/SECURITY.md#security

[ovflowd]

cc @nodejs/security @RafaelGSS

[RafaelGSS]

Yes, there are two distinct routes:

• /guides/security/ - Node.js Security Best Practices
• /security/ - This should point to the SECURITY.md

For the second one I believe we should add a redirect to the github/nodejs/node/SECURITY.md.

[ovflowd]

I'm not familiar with the /security route. @RafaelGSS from where did you getting the reference of this route?

I believe the route you want is /en/about/security or just /about/security which should go to the README.md#security

[RafaelGSS]

@ovflowd See https://web.archive.org/web/20220624004851/https://nodejs.org/en/security/.

It redirects to nodejs/node/SECURITY.md. We should keep this behavior.

[sohan2410]

Can I work on this🤞?

[ljharb]

For the security policy, don’t redirect to the file - instead, redirect to https://github.com/nodejs/node/security/policy

[targos]

We can discuss about changing the blog post template(s), but the website is supposed to have a redirect: https://github.com/nodejs/build/blob/f7e0f90a55b0c866041668e4285a16274f1e36f7/ansible/www-standalone/resources/config/nodejs.org?plain=1#L344

[ovflowd]

I was just about to say what @targos mentioned. I guess I forgot about this one. Or intentionally removed it.

I'm going to re-add it.

--

Nope @sohan2410 sorry, this is kinda priority so I wanted to apply a hot and clean fix. Thanks anyways!

[ovflowd]

FYI I've made a hot-fix already, https://nodejs.org/en/security or /security or /any-supported-language/security redirects now to the correct endpoint.