aboutsummaryrefslogtreecommitdiff
path: root/website/templates
diff options
context:
space:
mode:
authorReinier Zwitserloot <reinier@zwitserloot.com>2018-12-17 22:50:44 +0100
committerReinier Zwitserloot <reinier@zwitserloot.com>2018-12-17 22:55:05 +0100
commit16aeef1608942137b857b1fa31661106547eeb29 (patch)
treeebd12e5eb3abe95ebd1251d193431f052743714b /website/templates
parent6ca884be755ccb28d2ebfe4b2e138e5b0c276875 (diff)
downloadlombok-16aeef1608942137b857b1fa31661106547eeb29.tar.gz
lombok-16aeef1608942137b857b1fa31661106547eeb29.tar.bz2
lombok-16aeef1608942137b857b1fa31661106547eeb29.zip
[website] Added security vulnerability disclosure page
Diffstat (limited to 'website/templates')
-rw-r--r--website/templates/_scaffold.html5
-rw-r--r--website/templates/contact.html19
-rw-r--r--website/templates/contributing/index.html3
-rw-r--r--website/templates/security.html18
4 files changed, 43 insertions, 2 deletions
diff --git a/website/templates/_scaffold.html b/website/templates/_scaffold.html
index 65b2fb7f..be004744 100644
--- a/website/templates/_scaffold.html
+++ b/website/templates/_scaffold.html
@@ -100,9 +100,10 @@ ga('send', 'pageview');
<li class="dropdown">
<a class="dropdown-toggle pointer" data-toggle="dropdown">Community<span class="caret"></span></a>
<ul class="dropdown-menu" aria-labelledby="themes">
- <li><a href="https://groups.google.com/group/project-lombok" rel="noopener">Discuss / Help</a></li>
- <li><a href="https://github.com/rzwitserloot/lombok/issues" rel="noopener">Issues</a></li>
+ <li><a href="https://groups.google.com/group/project-lombok">Discuss / Help</a></li>
+ <li><a href="https://github.com/rzwitserloot/lombok/issues">Issues</a></li>
<li><a href="/contributing/index">Documentation for contributors</a></li>
+ <li><a href="/contact">Contact the team behind Project Lombok</a></li>
</ul>
</li>
<li>
diff --git a/website/templates/contact.html b/website/templates/contact.html
new file mode 100644
index 00000000..584c41bf
--- /dev/null
+++ b/website/templates/contact.html
@@ -0,0 +1,19 @@
+<#import "/_scaffold.html" as main>
+<@main.scaffold title="Contacting the team behind Project Lombok">
+ <div class="page-header top5">
+ <div>
+ <div class="row">
+ <p>
+ Project Lombok is an open source project, maintained primarily by Roel Spilker and Reinier Zwitserloot. We have day jobs and don't get paid much for Project Lombok's maintenance. Please keep this in mind when contacting us; we're doing it out of love.
+ </p><p>
+ To contact us, <ul>
+ <li>There's a <a href="https://groups.google.com/group/project-lombok">forum</a>; we read and respond here.</li>
+ <li>If you have a feature request or bug report, please file it on our <a href="https://github.com/rzwitserloot/lombok/issues">github bug tracker</a>.</li>
+ <li>If you have a security vulnerability to report, please contact us via our <a href="/security">security vulnerability disclosure</a> page.</li>
+ <li>We love giving presentations, about lombok, or even just general java things. <a href="mailto:info@projectlombok.org">Send us a mail</a> if you want to invite us to do a talk.</li>
+ </ul>
+ </p>
+ </div>
+ </div>
+ </div>
+</@main.scaffold>
diff --git a/website/templates/contributing/index.html b/website/templates/contributing/index.html
index 4f6a1bca..c6c85483 100644
--- a/website/templates/contributing/index.html
+++ b/website/templates/contributing/index.html
@@ -13,5 +13,8 @@
Discusses how lombok ends up being invoked, and how it gets around to transforming code being compiled / edited.
</@main.feature>
</div>
+ <div class="row">
+ More documentation can be found on the <a href="https://github.com/rzwitserloot/lombok/wiki">project lombok github wiki</a>.
+ </div>
</div>
</@main.scaffold>
diff --git a/website/templates/security.html b/website/templates/security.html
new file mode 100644
index 00000000..8eb2b3f7
--- /dev/null
+++ b/website/templates/security.html
@@ -0,0 +1,18 @@
+<#import "/_scaffold.html" as main>
+<@main.scaffold title="Security Vulnerabilities">
+ <div class="page-header top5">
+ <div>
+ <div class="row">
+ <p>
+ Lombok is a build-time only dependency; there is no need for <code>lombok.jar</code> to be available when your application is run, it just needs to be there when you compile your code.
+ </p><p>
+ Therefore, lombok is highly unlikely to be a source of security vulnerabilities.
+ </p><p>
+ Nevertheless, if you have a concern or found a vulnerability, please disclose the vulnerability privately. We would like to coordinate with you so that we can release a fix for the vulnerability together with the disclosure of the vulnerability to the public. As an open source project we are not currently able to offer a monetary reward, but we will acknowledge your contribution (and we'll owe you a refreshing beverage of your choice, of course!), and work with you to set a reasonable timeline for a fix.
+ </p><p>
+ If you want to report a vulnerability, please contact the <a href="https://tidelift.com/security">tidelift security team</a>. Alternatively, you can contact us directly via <a href="mailto:info@projectlombok.org">info@projectlombok.org</a>.
+ </p>
+ </div>
+ </div>
+ </div>
+</@main.scaffold>