doc: add vulnerability report docs

Fixes #1773
BurntSushi · May 29, 2021 · 2e2af50 · 2e2af50
1 parent 229d1a8
commit 2e2af50
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -21,6 +21,9 @@ Security fixes:
   Fixes a security hole on Windows where running ripgrep with either the
   `-z/--search-zip` or `--pre` flags can result in running arbitrary
   executables from the current directory.
+* [VULN #1773](https://github.com/BurntSushi/ripgrep/issues/1773):
+  This is the public facing issue tracking CVE-2021-3013. ripgrep's README
+  now contains a section describing how to report a vulnerability.
 
 Feature enhancements:
 

diff --git a/README.md b/README.md
@@ -425,6 +425,14 @@ $ cargo test --all
 from the repository root.
 
 
+### Vulnerability reporting
+
+For reporting a security vulnerability, please
+[contact Andrew Gallant](https://blog.burntsushi.net/about/),
+which has my email address and PGP public key if you wish to send an encrypted
+message.
+
+
 ### Translations
 
 The following is a list of known translations of ripgrep's documentation. These