mirror of
https://github.com/mozilla/pdf.js.git
synced 2025-04-19 06:38:07 +02:00
4033913acc
This commit fixes two issues that have been found after commit 2beae7a
landed, namely:
- The security checkbox image is not rendering at
https://github.com/mozilla/pdf.js/security/policy because the
`SECURITY.md` file is apparently served differently there (because it
does work as expected at
https://github.com/mozilla/pdf.js/blob/master/.github/SECURITY.md),
which causes the relative link not to work. We switch to an absolute
link to fix the issue.
- If a security policy is defined it turns out that GitHub automatically
adds a row to the "New issue" page; see
https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository
where it states "When someone creates an issue in your repository, they
will see a link to your project's security policy". Since we now have
two rows at https://github.com/mozilla/pdf.js/issues/new/choose about
the security policy, we remove our own version in favor of the
standard GitHub-provided one.
13 lines
872 B
Markdown
13 lines
872 B
Markdown
# Security policy
|
|
|
|
Mozilla takes the security of our software seriously. If you believe you have found a security vulnerability in PDF.js, please report it to us as described below.
|
|
|
|
## Reporting security vulnerabilities
|
|
|
|
**Please don't report security vulnerabilities through public GitHub issues.**
|
|
|
|
Instead, please report security vulnerabilities in [Bugzilla](https://bugzilla.mozilla.org/enter_bug.cgi?product=Firefox&component=PDF%20Viewer&groups=firefox-core-security) and make sure that the checkbox in the "Security" section is checked so the required access controls are automatically configured:
|
|
|
|
|
|
|
|
The Mozilla security team will process the bug as described in [Mozilla's security bugs policy](https://www.mozilla.org/en-US/about/governance/policies/security-group/bugs).
|