Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
doc: add duplicate CVE check in sec. release doc
This commit adds a note about only creating a CVE for Node.js vulnerabilities. The motivation for this is a recent HackerOne report where I created a CVE for a c-ares issue. This CVE should have been created by the c-ares project, and it was later, but we never updated our HackerOne report to use their CVE number. Hopefully this extra note in the release doc will help us check for this situaion and avoid this in the future. PR-URL: #39845 Refs: https://hackerone.com/reports/1178337 Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: James M Snell <[email protected]>
- Loading branch information