doc: add vulnerability report docs

Fixes #1773
2025-08-01 04:32:01 -07:00 · 2021-05-29 09:53:18 -04:00
parent 229d1a8d41
commit 2e2af50a4d
2 changed files with 11 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,6 +21,9 @@ Security fixes:
  Fixes a security hole on Windows where running ripgrep with either the
  `-z/--search-zip` or `--pre` flags can result in running arbitrary
  executables from the current directory.
+* [VULN #1773](https://github.com/BurntSushi/ripgrep/issues/1773):
+  This is the public facing issue tracking CVE-2021-3013. ripgrep's README
+  now contains a section describing how to report a vulnerability.

 Feature enhancements:

--- a/README.md
+++ b/README.md
@@ -425,6 +425,14 @@ $ cargo test --all
 from the repository root.


+### Vulnerability reporting
+
+For reporting a security vulnerability, please
+[contact Andrew Gallant](https://blog.burntsushi.net/about/),
+which has my email address and PGP public key if you wish to send an encrypted
+message.
+
+
 ### Translations

 The following is a list of known translations of ripgrep's documentation. These