This repository hosts public advisories, typically security advisories, related to the NATS project.
It is intended to be accessed via https://advisories.nats.io
To limit the risk of accidental early disclosure, most forms of public comment are disabled on the repo.
Please note: security folks are significantly more likely than the general population to keep JavaScript disabled in their browsers, so this website should be kept fully functional when JavaScript is disabled.
Expect people to have notifications enabled for this repository, so that avoiding an index for a new page does not help keep something secret.
CVE/ directory
index.md file with appropriate description
In future, let's use GitHub's ability to request a CVE as part of drafting an advisory. Getting a CVE through the formerly used process is no longer expeditious.
CVEs are typically requested from MITRE as the CNA of last resort for open
source projects: https://cveform.mitre.org/
Fill out enough details to get the number; be accurate, or withhold data, as
appropriate. At this first stage, I usually make sure to classify the type of
vulnerability and the affected version numbers, but not much more.
After the CVE has been published, we can update the text with another use of
this form.
We create GitHub Security Advisories for any project on GitHub, to aid with ecosystem notifications. Cross-reference the GHSA advisory and the CVE in this repository. See any existing advisory for examples.
oss-security mailing-list, which is the main current announcement mailing-list for open source software security issues; https://oss-security.openwall.org/wiki/mailing-lists/oss-security / https://www.openwall.com/lists/oss-security/
bundle install to install the dependencies.
bundle exec jekyll serve to serve a local site preview.
See the pages-themes GitHub repo for further details about customizing the template, layout, and CSS.