From a9c528eb23ca0e9a9eb6ebac026de6e260e619cc Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Fri, 24 Oct 2014 00:12:18 -0400 Subject: [PATCH] added instructions for responsible disclosure, and use of `git bisect` for regression testing, closed #2280 --- CONTRIBUTING.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8ea926152f..b53932674c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -4,6 +4,11 @@ Thanks for reporting an issue with NodeBB! Please follow these guidelines in ord In general, if we can't reproduce it, we can't fix it! +> #### **Important** +> If you believed you have identified a security vulnerability with NodeBB, report it as soon as possible via email to **security@nodebb.org**. +> A member of the NodeBB security team will respond to the issue. +> Please do not post it to the public bug tracker. + ## Try the latest version of NodeBB There is a chance that the issue you are experiencing may have already been fixed. @@ -27,4 +32,10 @@ $ cd /path/to/my/nodebb $ git rev-parse HEAD ``` -If you have downloaded the `.zip` or `.tar.gz` packages from GitHub (or elsewhere), please let us know. \ No newline at end of file +If you have downloaded the `.zip` or `.tar.gz` packages from GitHub (or elsewhere), please let us know. + +## Attempt to use `git bisect` + +If you have installed NodeBB via GitHub clone, are familiar with utilising git, and are willing to help us narrow down the specific commit that causes a bug, consider running `git bisect`. + +A full guide can be found here: [Debugging with Git/Binary Search](http://git-scm.com/book/en/Git-Tools-Debugging-with-Git#Binary-Search) \ No newline at end of file
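Review bot: In the security notice added by the first hunk (@@ -4,6 +4,11 @@), "If you believed you have identified" has a tense error; it should read "If you believe you have identified a security vulnerability in NodeBB". The notice also says only that a member of the security team "will respond to the issue", with no indication of what a private report should contain. Consider asking for the same details the rest of this file asks for in public reports (the commit hash from `git rev-parse HEAD` and reproduction steps), so that emailed reports can be reproduced as well.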
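Review bot: In the second hunk (@@ -27,4 +32,10 @@), the new `git bisect` section does not say what the reporter should do with the result. Add a sentence asking them to include in the issue the hash that bisect reports as the first bad commit. The guide link points to http://git-scm.com; use the https:// form of the URL. The new last line is still followed by "\ No newline at end of file", so end the file with a newline while this line is being touched.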