aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorReinier Zwitserloot <reinier@zwitserloot.com>2018-12-17 22:50:44 +0100
committerReinier Zwitserloot <reinier@zwitserloot.com>2018-12-17 22:55:05 +0100
commit16aeef1608942137b857b1fa31661106547eeb29 (patch)
treeebd12e5eb3abe95ebd1251d193431f052743714b
parent6ca884be755ccb28d2ebfe4b2e138e5b0c276875 (diff)
downloadlombok-16aeef1608942137b857b1fa31661106547eeb29.tar.gz
lombok-16aeef1608942137b857b1fa31661106547eeb29.tar.bz2
lombok-16aeef1608942137b857b1fa31661106547eeb29.zip
[website] Added security vulnerability disclosure page
-rw-r--r--website/extra/htaccess4
-rw-r--r--website/resources/.well-known/security.txt4
-rw-r--r--website/resources/js/supporters.js2
-rw-r--r--website/templates/_scaffold.html5
-rw-r--r--website/templates/contact.html19
-rw-r--r--website/templates/contributing/index.html3
-rw-r--r--website/templates/security.html18
7 files changed, 52 insertions, 3 deletions
diff --git a/website/extra/htaccess b/website/extra/htaccess
index f2abad2d..e7b54de4 100644
--- a/website/extra/htaccess
+++ b/website/extra/htaccess
@@ -24,6 +24,10 @@ RewriteRule ^disable-checked-exceptions$ /disable-checked-exceptions.html [L,END
RewriteRule ^disable-checked-exceptions(\.html)?/?$ /disable-checked-exceptions [NC,R=301]
RewriteRule ^supporters$ /supporters.html [L,END]
RewriteRule ^supporters(.html)?/?$ /supporters [NC,R=301]
+RewriteRule ^security$ /security.html [L,END]
+RewriteRule ^security(.html)?/?$ /security [NC,R=301]
+RewriteRule ^contact$ /contact.html [L,END]
+RewriteRule ^contact(.html)?/?$ /contact [NC,R=301]
RewriteRule ^order-license-info$ /order-license-info.html [L,END]
RewriteRule ^order-?license-?info(.html)?/?$ /order-license-info [NC,R=301]
RewriteRule ^order-license$ /order-license.html [L,END]
diff --git a/website/resources/.well-known/security.txt b/website/resources/.well-known/security.txt
new file mode 100644
index 00000000..256f50fd
--- /dev/null
+++ b/website/resources/.well-known/security.txt
@@ -0,0 +1,4 @@
+Contact: https://tidelift.com/security
+Contact: mailto:info@projectlombok.org
+
+# If encrypted communication is required, let us know and we'll provide a public GPG key.
diff --git a/website/resources/js/supporters.js b/website/resources/js/supporters.js
index 62beca81..6d770905 100644
--- a/website/resources/js/supporters.js
+++ b/website/resources/js/supporters.js
@@ -214,7 +214,7 @@
});
if (s.children().length < 1) {
var x = $("<div />").addClass("noSupportersBox").html(
- "We don't have any supporters yet this month.<br /><a href=\"https://patreon.com/lombok\" rel=\"noopener\">Become a patron</a> " +
+ "We don't have any supporters yet this month.<br /><a href=\"https://patreon.com/lombok\">Become a patron</a> " +
"or <a href=\"/order-license-info\">order a professional or enterprise license</a> today!");
s.append(x);
}
diff --git a/website/templates/_scaffold.html b/website/templates/_scaffold.html
index 65b2fb7f..be004744 100644
--- a/website/templates/_scaffold.html
+++ b/website/templates/_scaffold.html
@@ -100,9 +100,10 @@ ga('send', 'pageview');
<li class="dropdown">
<a class="dropdown-toggle pointer" data-toggle="dropdown">Community<span class="caret"></span></a>
<ul class="dropdown-menu" aria-labelledby="themes">
- <li><a href="https://groups.google.com/group/project-lombok" rel="noopener">Discuss / Help</a></li>
- <li><a href="https://github.com/rzwitserloot/lombok/issues" rel="noopener">Issues</a></li>
+ <li><a href="https://groups.google.com/group/project-lombok">Discuss / Help</a></li>
+ <li><a href="https://github.com/rzwitserloot/lombok/issues">Issues</a></li>
<li><a href="/contributing/index">Documentation for contributors</a></li>
+ <li><a href="/contact">Contact the team behind Project Lombok</a></li>
</ul>
</li>
<li>
diff --git a/website/templates/contact.html b/website/templates/contact.html
new file mode 100644
index 00000000..584c41bf
--- /dev/null
+++ b/website/templates/contact.html
@@ -0,0 +1,19 @@
+<#import "/_scaffold.html" as main>
+<@main.scaffold title="Contacting the team behind Project Lombok">
+ <div class="page-header top5">
+ <div>
+ <div class="row">
+ <p>
+ Project Lombok is an open source project, maintained primarily by Roel Spilker and Reinier Zwitserloot. We have day jobs and don't get paid much for Project Lombok's maintenance. Please keep this in mind when contacting us; we're doing it out of love.
+ </p><p>
+ To contact us, <ul>
+ <li>There's a <a href="https://groups.google.com/group/project-lombok">forum</a>; we read and respond here.</li>
+ <li>If you have a feature request or bug report, please file it on our <a href="https://github.com/rzwitserloot/lombok/issues">github bug tracker</a>.</li>
+ <li>If you have a security vulnerability to report, please contact us via our <a href="/security">security vulnerability disclosure</a> page.</li>
+ <li>We love giving presentations, about lombok, or even just general java things. <a href="mailto:info@projectlombok.org">Send us a mail</a> if you want to invite us to do a talk.</li>
+ </ul>
+ </p>
+ </div>
+ </div>
+ </div>
+</@main.scaffold>
diff --git a/website/templates/contributing/index.html b/website/templates/contributing/index.html
index 4f6a1bca..c6c85483 100644
--- a/website/templates/contributing/index.html
+++ b/website/templates/contributing/index.html
@@ -13,5 +13,8 @@
Discusses how lombok ends up being invoked, and how it gets around to transforming code being compiled / edited.
</@main.feature>
</div>
+ <div class="row">
+ More documentation can be found on the <a href="https://github.com/rzwitserloot/lombok/wiki">project lombok github wiki</a>.
+ </div>
</div>
</@main.scaffold>
diff --git a/website/templates/security.html b/website/templates/security.html
new file mode 100644
index 00000000..8eb2b3f7
--- /dev/null
+++ b/website/templates/security.html
@@ -0,0 +1,18 @@
+<#import "/_scaffold.html" as main>
+<@main.scaffold title="Security Vulnerabilities">
+ <div class="page-header top5">
+ <div>
+ <div class="row">
+ <p>
+ Lombok is a build-time only dependency; there is no need for <code>lombok.jar</code> to be available when your application is run, it just needs to be there when you compile your code.
+ </p><p>
+ Therefore, lombok is highly unlikely to be a source of security vulnerabilities.
+ </p><p>
+ Nevertheless, if you have a concern or found a vulnerability, please disclose the vulnerability privately. We would like to coordinate with you so that we can release a fix for the vulnerability together with the disclosure of the vulnerability to the public. As an open source project we are not currently able to offer a monetary reward, but we will acknowledge your contribution (and we'll owe you a refreshing beverage of your choice, of course!), and work with you to set a reasonable timeline for a fix.
+ </p><p>
+ If you want to report a vulnerability, please contact the <a href="https://tidelift.com/security">tidelift security team</a>. Alternatively, you can contact us directly via <a href="mailto:info@projectlombok.org">info@projectlombok.org</a>.
+ </p>
+ </div>
+ </div>
+ </div>
+</@main.scaffold>