author | Reinier Zwitserloot <reinier@zwitserloot.com> | 2018-12-17 22:50:44 +0100 |
---|---|---|
committer | Reinier Zwitserloot <reinier@zwitserloot.com> | 2018-12-17 22:55:05 +0100 |
commit | 16aeef1608942137b857b1fa31661106547eeb29 (patch) | |
tree | ebd12e5eb3abe95ebd1251d193431f052743714b | |
parent | 6ca884be755ccb28d2ebfe4b2e138e5b0c276875 (diff) | |
[website] Added security vulnerability disclosure page
-rw-r--r-- | website/extra/htaccess | 4 |
-rw-r--r-- | website/resources/.well-known/security.txt | 4 |
-rw-r--r-- | website/resources/js/supporters.js | 2 |
-rw-r--r-- | website/templates/_scaffold.html | 5 |
-rw-r--r-- | website/templates/contact.html | 19 |
-rw-r--r-- | website/templates/contributing/index.html | 3 |
-rw-r--r-- | website/templates/security.html | 18 |
7 files changed, 52 insertions, 3 deletions
diff --git a/website/extra/htaccess b/website/extra/htaccess index f2abad2d..e7b54de4 100644 --- a/website/extra/htaccess +++ b/website/extra/htaccess @@ -24,6 +24,10 @@ RewriteRule ^disable-checked-exceptions$ /disable-checked-exceptions.html [L,END RewriteRule ^disable-checked-exceptions(\.html)?/?$ /disable-checked-exceptions [NC,R=301] RewriteRule ^supporters$ /supporters.html [L,END] RewriteRule ^supporters(.html)?/?$ /supporters [NC,R=301] +RewriteRule ^security$ /security.html [L,END] +RewriteRule ^security(.html)?/?$ /security [NC,R=301] +RewriteRule ^contact$ /contact.html [L,END] +RewriteRule ^contact(.html)?/?$ /contact [NC,R=301] RewriteRule ^order-license-info$ /order-license-info.html [L,END] RewriteRule ^order-?license-?info(.html)?/?$ /order-license-info [NC,R=301] RewriteRule ^order-license$ /order-license.html [L,END] diff --git a/website/resources/.well-known/security.txt b/website/resources/.well-known/security.txt new file mode 100644 index 00000000..256f50fd --- /dev/null +++ b/website/resources/.well-known/security.txt @@ -0,0 +1,4 @@ +Contact: https://tidelift.com/security +Contact: mailto:info@projectlombok.org + +# If encrypted communication is required, let us know and we'll provide a public GPG key. diff --git a/website/resources/js/supporters.js b/website/resources/js/supporters.js index 62beca81..6d770905 100644 --- a/website/resources/js/supporters.js +++ b/website/resources/js/supporters.js @@ -214,7 +214,7 @@ }); if (s.children().length < 1) { var x = $("<div />").addClass("noSupportersBox").html( - "We don't have any supporters yet this month.<br /><a href=\"https://patreon.com/lombok\" rel=\"noopener\">Become a patron</a> " + + "We don't have any supporters yet this month.<br /><a href=\"https://patreon.com/lombok\">Become a patron</a> " + "or <a href=\"/order-license-info\">order a professional or enterprise license</a> today!"); s.append(x); } 
diff --git a/website/templates/_scaffold.html b/website/templates/_scaffold.html index 65b2fb7f..be004744 100644 --- a/website/templates/_scaffold.html +++ b/website/templates/_scaffold.html @@ -100,9 +100,10 @@ ga('send', 'pageview'); <li class="dropdown"> <a class="dropdown-toggle pointer" data-toggle="dropdown">Community<span class="caret"></span></a> <ul class="dropdown-menu" aria-labelledby="themes"> - <li><a href="https://groups.google.com/group/project-lombok" rel="noopener">Discuss / Help</a></li> - <li><a href="https://github.com/rzwitserloot/lombok/issues" rel="noopener">Issues</a></li> + <li><a href="https://groups.google.com/group/project-lombok">Discuss / Help</a></li> + <li><a href="https://github.com/rzwitserloot/lombok/issues">Issues</a></li> <li><a href="/contributing/index">Documentation for contributors</a></li> + <li><a href="/contact">Contact the team behind Project Lombok</a></li> </ul> </li> <li> diff --git a/website/templates/contact.html b/website/templates/contact.html new file mode 100644 index 00000000..584c41bf --- /dev/null +++ b/website/templates/contact.html 
@@ -0,0 +1,19 @@ +<#import "/_scaffold.html" as main> +<@main.scaffold title="Contacting the team behind Project Lombok"> + <div class="page-header top5"> + <div> + <div class="row"> + <p> + Project Lombok is an open source project, maintained primarily by Roel Spilker and Reinier Zwitserloot. We have day jobs and don't get paid much for Project Lombok's maintenance. Please keep this in mind when contacting us; we're doing it out of love. + </p><p> + To contact us, <ul> + <li>There's a <a href="https://groups.google.com/group/project-lombok">forum</a>; we read and respond here.</li> + <li>If you have a feature request or bug report, please file it on our <a href="https://github.com/rzwitserloot/lombok/issues">github bug tracker</a>.</li> + <li>If you have a security vulnerability to report, please contact us via our <a href="/security">security vulnerability disclosure</a> page.</li> + <li>We love giving presentations, about lombok, or even just general java things. <a href="mailto:info@projectlombok.org">Send us a mail</a> if you want to invite us to do a talk.</li> + </ul> + </p> + </div> + </div> + </div> +</@main.scaffold> diff --git a/website/templates/contributing/index.html b/website/templates/contributing/index.html index 4f6a1bca..c6c85483 100644 --- a/website/templates/contributing/index.html +++ b/website/templates/contributing/index.html @@ -13,5 +13,8 @@ Discusses how lombok ends up being invoked, and how it gets around to transforming code being compiled / edited. </@main.feature> </div> + <div class="row"> + More documentation can be found on the <a href="https://github.com/rzwitserloot/lombok/wiki">project lombok github wiki</a>. + </div> </div> </@main.scaffold> diff --git a/website/templates/security.html b/website/templates/security.html new file mode 100644 index 00000000..8eb2b3f7 --- /dev/null +++ b/website/templates/security.html 
@@ -0,0 +1,18 @@ +<#import "/_scaffold.html" as main> +<@main.scaffold title="Security Vulnerabilities"> + <div class="page-header top5"> + <div> + <div class="row"> + <p> + Lombok is a build-time only dependency; there is no need for <code>lombok.jar</code> to be available when your application is run, it just needs to be there when you compile your code. + </p><p> + Therefore, lombok is highly unlikely to be a source of security vulnerabilities. + </p><p> + Nevertheless, if you have a concern or found a vulnerability, please disclose the vulnerability privately. We would like to coordinate with you so that we can release a fix for the vulnerability together with the disclosure of the vulnerability to the public. As an open source project we are not currently able to offer a monetary reward, but we will acknowledge your contribution (and we'll owe you a refreshing beverage of your choice, of course!), and work with you to set a reasonable timeline for a fix. + </p><p> + If you want to report a vulnerability, please contact the <a href="https://tidelift.com/security">tidelift security team</a>. Alternatively, you can contact us directly via <a href="mailto:info@projectlombok.org">info@projectlombok.org</a>. + </p> + </div> + </div> + </div> +</@main.scaffold> |
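
Review bot: in website/extra/htaccess the two new redirect patterns, ^security(.html)?/?$ and ^contact(.html)?/?$, leave the dot unescaped, so it matches any character and a path such as /securityXhtml is redirected as well. The disable-checked-exceptions rule in the context lines already uses (\.html); use the same form here, ^security(\.html)?/?$ and ^contact(\.html)?/?$. The supporters rule in the context has the same unescaped dot and could be fixed alongside.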
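
Review bot: in website/resources/.well-known/security.txt the GPG key is offered only on request, in a comment, so a reporter who needs encryption must first send an unencrypted message to info@projectlombok.org to get it, and tools that parse the file cannot discover the key. Publish the public key and point to it with an Encryption: field, keeping the comment only as a fallback. The file also has no Expires field, which the security.txt format as published in RFC 9116 requires.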
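
Review bot: in website/resources/js/supporters.js the only change is the removal of rel="noopener" from the patreon.com link, which is unrelated to the disclosure page named in the commit subject and is not explained anywhere in the commit. Keep the attribute, or move its removal into a separate commit that states the reason.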
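
Review bot: in website/templates/_scaffold.html the rewritten "Discuss / Help" and "Issues" entries lose rel="noopener" on links to external sites (groups.google.com and github.com). No target attribute is visible on these anchors, so the attribute may have been inert here, but if the links are ever opened in a new tab the opened page receives a window.opener reference to the lombok site and can navigate it. Restoring rel="noopener" on both lines costs nothing and leaves this hunk with only the added /contact entry.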
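
Review bot: in website/templates/contact.html the list is nested inside a paragraph ("To contact us, <ul> ... </ul> </p>"), which is not valid HTML: the parser closes the <p> when it reaches <ul>, and the trailing </p> then produces an empty paragraph. End the paragraph after "To contact us," with </p> before the <ul> and drop the closing </p> that follows </ul>. The bare <div> between page-header and row carries no class and could be removed unless the stylesheet depends on it.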
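
Review bot: in website/templates/security.html the step from "build-time only dependency" to "Therefore, lombok is highly unlikely to be a source of security vulnerabilities" does not follow. lombok.jar still executes on developer machines and build servers during compilation, and the code it generates ships inside the compiled application, so the build environment and the generated output are both in scope. Suggest rewording the second paragraph to say that lombok adds no runtime dependency, and stating explicitly that reports about build-time behaviour and generated code are welcome. The page would also benefit from saying how quickly a reporter can expect a first reply, since the third paragraph promises a coordinated timeline.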