From fc1e42190ff39759e5b3d5226c744b4c7c2ff069 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 1 Aug 2023 23:38:16 +0200 Subject: [PATCH] docs: link to the website versions instead of markdowns MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ... to make the links work when the markdown is converted to webpages on https://curl.se Reported-by: MaurĂ­cio Meneghini Fauth Fixes https://github.com/curl/curl-www/issues/272 Closes #11569 --- docs/BUG-BOUNTY.md | 4 ++-- docs/SECURITY-ADVISORY.md | 10 +++++----- docs/SECURITY-PROCESS.md | 3 ++- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/docs/BUG-BOUNTY.md b/docs/BUG-BOUNTY.md index aa8ee8957..3714efda5 100644 --- a/docs/BUG-BOUNTY.md +++ b/docs/BUG-BOUNTY.md @@ -11,8 +11,8 @@ HackerOne program](https://hackerone.com/curl). After you have reported a security issue, it has been deemed credible, and a patch and advisory has been made public, you may be eligible for a bounty from -this program. See the [SECURITY-PROCESS](SECURITY-PROCESS.md) document for how -we work with security issues. +this program. See the [Security Process](https://curl.se/dev/secprocess.html) +document for how we work with security issues. ## What are the reward amounts? diff --git a/docs/SECURITY-ADVISORY.md b/docs/SECURITY-ADVISORY.md index c2d13c923..37083cd3c 100644 --- a/docs/SECURITY-ADVISORY.md +++ b/docs/SECURITY-ADVISORY.md @@ -1,10 +1,10 @@ # Anatomy of a curl security advisory -As described in the `SECURITY-PROCESS.md` document, when a security -vulnerability has been reported to the project and confirmed, we author an -advisory document for for the issue. It should ideally be written in -cooperation with the reporter to make sure all the angles and details of the -problem are gathered and described correctly and succinctly. +As described in the [Security Process](https://curl.se/dev/secprocess.html) +document, when a security vulnerability has been reported to the project and +confirmed, we author an advisory document for for the issue. It should ideally +be written in cooperation with the reporter to make sure all the angles and +details of the problem are gathered and described correctly and succinctly. ## New document diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md index e553507a4..64123edd4 100644 --- a/docs/SECURITY-PROCESS.md +++ b/docs/SECURITY-PROCESS.md @@ -56,7 +56,8 @@ announcement. problem is, its impact, which versions it affects, solutions or workarounds, when the release is out and make sure to credit all contributors properly. Figure out the CWE (Common Weakness Enumeration) number for the flaw. See - [SECURITY-ADVISORY](SECURITY-ADVISORY.md) for help on creating the advisory. + [SECURITY-ADVISORY](https://curl.se/dev/advisory.html) for help on creating + the advisory. - Request a CVE number from [HackerOne](https://docs.hackerone.com/programs/cve-requests.html)