From ba10646e8a3d61814d01f88bfc544a2cb8c07193 Mon Sep 17 00:00:00 2001 From: Matthew Penner Date: Wed, 5 Oct 2022 10:31:06 -0600 Subject: [PATCH] Update CONTRIBUTING.md and SECURITY.md --- CONTRIBUTING.md | 11 +++++++---- SECURITY.md | 6 +++--- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5b2042a71..eb24ef6bf 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1,28 +1,31 @@ # Contributing + Pterodactyl does not accept Pull Requests (PRs) _for new functionality_ from users that are not currently part of the core project team. It has become overwhelming to try and give the proper time and attention that such complicated PRs tend to require — and deserve. As a result, it is in the project's best interest to limit the scope of work on new functionality to work done within the core project team. PRs that address existing _bugs_ with a corresponding issue opened in our issue tracker will continue to be accepted -and reviewed. Their scope is often signficantly more targeted, and simply improving upon existing and well defined +and reviewed. Their scope is often significantly more targeted, and simply improving upon existing and well defined logic. ### Responsible Disclosure + This is a fairly in-depth project and makes use of a lot of parts. We strive to keep everything as secure as possible and welcome you to take a look at the code provided in this project yourself. We do ask that you be considerate of others who are using the software and not publicly disclose security issues without contacting us first by email. -We'll make a deal with you: if you contact us by email and we fail to respond to you within a week you are welcome to +We'll make a deal with you: if you contact us by email, and we fail to respond to you within a week you are welcome to publicly disclose whatever issue you have found. We understand how frustrating it is when you find something big and no one will respond to you. This holds us to a standard of providing prompt attention to any issues that arise and keeping this community safe. -If you've found what you believe is a security issue please email `dane@pterodactyl.io`. Please check +If you've found what you believe is a security issue please email `matthew@pterodactyl.io`. Please check [SECURITY.md](/SECURITY.md) for additional details. ### Contact Us -You can find us in a couple places online. 
First and foremost, we're active right here on Github. If you encounter a + +You can find us in a couple places online. First and foremost, we're active right here on GitHub. If you encounter a bug or other problems, open an issue on here for us to take a look at it. We also accept feature requests here as well. You can also find us on [Discord](https://discord.gg/pterodactyl). diff --git a/SECURITY.md b/SECURITY.md index ad6b7dcd7..9d06612dc 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,14 +4,14 @@ The following versions of Pterodactyl are receiving active support and maintenance. Any security vulnerabilities discovered must be reproducible in supported versions. | Panel | Daemon | Supported | -|--------|--------------| ------------------ | +|--------|--------------|--------------------| | 1.10.x | wings@1.7.x | :white_check_mark: | -| 0.7.x | daemon@0.6.x | :x: | +| 0.7.x | daemon@0.6.x | :x: | ## Reporting a Vulnerability -Please reach out directly to any project team member on Discord when reporting a security vulnerability, or you can send an email to `dane@pterodactyl.io`. +Please reach out directly to any project team member on Discord when reporting a security vulnerability, or you can email `matthew@pterodactyl.io`. We make every effort to respond as soon as possible, although it may take a day or two for us to sync internally and determine the severity of the report and its impact. Please, _do not_ use a public facing channel or GitHub issues to report sensitive security issues.
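Review bot: In the CONTRIBUTING.md hunk, under Responsible Disclosure, the new contact `matthew@pterodactyl.io` is again one person's mailbox, so this line will need the same edit the next time the maintainer handling reports changes. Consider pointing the text at a role address that forwards to whoever currently handles security reports (the alias name is the project's choice), and confirm that mail to the old address still reaches someone during the transition. The commit subject, "Update CONTRIBUTING.md and SECURITY.md", should also say that the disclosure contact changed, since that is the one edit in this patch a reporter needs to find in the history.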
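Review bot: In the SECURITY.md hunk, the Reporting a Vulnerability paragraph offers a Discord message to any team member as an equal alternative to email, while CONTRIBUTING.md in this same patch asks reporters to make contact "by email" and starts its one-week public-disclosure window from that email. A reporter who follows SECURITY.md and uses Discord has no stated response window. Suggest saying in this paragraph which channel starts the one-week clock, or repeating the commitment here, and reconciling "it may take a day or two" with "within a week" so the two files describe one process.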