[Summary view] [Print] [Text view]

   1  @title Reporting Security Vulnerabilities
   2  @group intro
   3  
   4  Describes how to report security vulnerabilities in Phabricator.
   5  
   6  = Overview =
   7  
   8  Phabricator runs a disclosure and award program through
   9  [[ https://www.hackerone.com/ | HackerOne ]]. This program is the best way to
  10  submit security issues to us, and awards responsible disclosure of
  11  vulnerabilities with cash bounties. You can find our project page
  12  here:
  13  
  14  (NOTE) https://hackerone.com/phabricator
  15  
  16  The project page has detailed information about the scope of the program and
  17  how to participate.
  18  
  19  We have a 24 hour response timeline, and are usually able to respond to (and,
  20  very often, fix) issues more quickly than that.
  21  
  22  = Other Channels =
  23  
  24  You can also contact us on another channel if you prefer. See
  25  @{article:Give Feedback! Get Support!} for a list of ways to get in touch
  26  with us.
  27  
  28  = Getting Notified =
  29  
  30  When we fix significant security vulnerabilities, we currently publish
  31  information:
  32  
  33    - on our [[ https://www.facebook.com/phabricator | Facebook Page ]];
  34    - on our [[ https://twitter.com/phabricator | Twitter Feed ]];
  35    - and on IRC (`#phabricator` on FreeNode).
  36  
  37  If you'd prefer to receive information on other channels, let us know.
  38  
  39  General information about security is reported monthly in the
  40  [[ http://phabricator.org/changelog/ | Changelog ]]. This includes low impact
  41  issues, reports we did not act on, and other details.