Skip to content

Commit

Permalink
SECURITY.md: link to release page (ethereum#22067)
Browse files Browse the repository at this point in the history 
Add links to go-ethereum's GitHub release page.

Co-authored-by: Felix Lange <[email protected]>
  • Loading branch information
@suriyaa @fjl
suriyaa and fjl authored Jan 4, 2021
1 parent 5c2a7ce commit 1951e20
Showing 1 changed file with 4 additions and 6 deletions.
10 changes: 4 additions & 6 deletions SECURITY.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,31 +2,29 @@

## Supported Versions

Please see Releases. We recommend to use the most recent released version.
Please see [Releases](https://github.com/ethereum/go-ethereum/releases). We recommend using the [most recently released version](https://github.com/ethereum/go-ethereum/releases/latest).

## Audit reports

Audit reports are published in the `docs` folder: https://github.com/ethereum/go-ethereum/tree/master/docs/audits


| Scope | Date | Report Link |
| ------- | ------- | ----------- |
| `geth` | 20170425 | [pdf](https://github.com/ethereum/go-ethereum/blob/master/docs/audits/2017-04-25_Geth-audit_Truesec.pdf) |
| `clef` | 20180914 | [pdf](https://github.com/ethereum/go-ethereum/blob/master/docs/audits/2018-09-14_Clef-audit_NCC.pdf) |



## Reporting a Vulnerability

**Please do not file a public ticket** mentioning the vulnerability.

To find out how to disclose a vulnerability in Ethereum visit [https://bounty.ethereum.org](https://bounty.ethereum.org) or email [email protected].
To find out how to disclose a vulnerability in Ethereum visit [https://bounty.ethereum.org](https://bounty.ethereum.org) or email [email protected]. Please read the [disclosure page](https://github.com/ethereum/go-ethereum/security/advisories?state=published) for more information about publically disclosed security vulnerabilities.

Use the built-in `geth version-check` feature to check whether the software is affected by any known vulnerability. This command will fetch the latest [`vulnerabilities.json`](https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities.json) file which contains known security vulnerabilities concerning `geth`, and cross-check the data against its own version number.

The following key may be used to communicate sensitive information to developers.

Fingerprint: `AE96 ED96 9E47 9B00 84F3 E17F E88D 3334 FA5F 6A0A`


```
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
Expand Down

0 comments on commit 1951e20

Please sign in to comment.