[MapServer-dev] enabled GitHub's private 'report a vulnerability' feature
Jeff McKenna
jmckenna at gatewaygeomatics.com
Wed Jun 25 08:10:33 PDT 2025
Hi PSC and devs!
I have enabled GitHub's feature to add a 'report a vulnerability'
button, for the MapServer repo, when a user clicks on the "Security"
link in the header (see screen capture at
https://github.com/MapServer/MapServer/pull/7298 ). The filed report
should only be visible to PSC members and the reporter. It also allows
us to "triage" the reports etc. (we can of course improve this process
when we see it in action)
docs about this feature:
https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability
Thanks,
-jeff
--
Jeff McKenna
GatewayGeo: Developers of MS4W, & offering MapServer Consulting/Dev
co-founder of FOSS4G
http://gatewaygeo.com/
More information about the MapServer-dev
mailing list