doc: add duplicate CVE check in sec. release doc #39845
Closed
Commits on Aug 23, 2021
-
doc: add duplicate CVE check in sec. release doc
This commit adds a note about only creating a CVE for Node.js vulnerabilities. The motivation for this is a recent HackerOne report where I created a CVE for a c-ares issue. This CVE should have been created by the c-ares project, and it was later, but we never updated our HackerOne report to use their CVE number. Hopefully this extra note in the release doc will help us check for this situaion and avoid this in the future. Refs: https://hackerone.com/reports/1178337
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.