Security Policy violation SECURITY.md

Question

Security Policy violation SECURITY.md

allstar-app opened this issue 3 years ago · comments

Security Policy SECURITY.md is out of compliance, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

Issue created by Allstar. https://github.com/ossf/allstar

allstar-app · Answer 1 · Sun Aug 01 2021 02:15:48 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 2 · Mon Aug 02 2021 02:20:32 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 3 · Tue Aug 03 2021 02:25:01 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 4 · Wed Aug 04 2021 02:32:19 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 5 · Thu Aug 05 2021 02:37:59 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 6 · Fri Aug 06 2021 02:40:37 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 7 · Sat Aug 07 2021 02:42:00 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 8 · Sun Aug 08 2021 02:42:47 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 9 · Mon Aug 09 2021 02:51:17 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

Snow Pettersen · Answer 10 · Tue Aug 10 2021 00:48:49 GMT+0800 (China Standard Time)

This one is a bit tricky since jcp has yet to release a major version, so the idea of back porting security fixes doesn't make a whole lot of sense. Would it be sufficient to just spell this out?

@mattklein123 @asraa @jeffmendoza

Jeff Mendoza · Answer 11 · Tue Aug 10 2021 00:53:58 GMT+0800 (China Standard Time)

The important thing here are instructions / process for reporting a security vulnerability.

Supported versions / back-porting is more informational.

asraa · Answer 12 · Tue Aug 10 2021 03:06:58 GMT+0800 (China Standard Time)

We should probably just link to envoy-security email list for private disclosures then
Likely not much will result in a CVE on this front anyway?

allstar-app · Answer 13 · Wed Aug 11 2021 03:09:21 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 14 · Tue Aug 17 2021 09:07:27 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 15 · Thu Aug 19 2021 04:13:06 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 16 · Fri Aug 20 2021 05:49:10 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 17 · Sat Aug 21 2021 05:58:17 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 18 · Sun Aug 22 2021 07:41:12 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 19 · Mon Aug 23 2021 09:35:55 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 20 · Tue Aug 24 2021 12:03:01 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 21 · Wed Aug 25 2021 13:10:23 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 22 · Thu Aug 26 2021 13:36:39 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 23 · Fri Aug 27 2021 16:15:08 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 24 · Sat Aug 28 2021 18:40:49 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 25 · Sun Aug 29 2021 20:28:25 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 26 · Mon Aug 30 2021 21:53:24 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 27 · Tue Aug 31 2021 22:27:48 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 28 · Wed Sep 01 2021 22:34:08 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 29 · Fri Sep 03 2021 00:43:38 GMT+0800 (China Standard Time)

Updating issue after ping interval, status:
SECURITY.md not found.
Go to https://github.com/envoyproxy/java-control-plane/security/policy to enable.

allstar-app · Answer 30 · Fri Sep 03 2021 04:10:38 GMT+0800 (China Standard Time)

In compliance, closing.