markt-asf commented on code in PR #1001: URL: https://github.com/apache/tomcat/pull/1001#discussion_r3166627255
########## SECURITY.md: ########## @@ -0,0 +1,127 @@ +# Security Policy + +## Before You Report - Required Self-Check + +**Complete this checklist. If you answer "No" to any question, do not submit a report:** + +- [ ] I have read the [Tomcat Security Model](https://tomcat.apache.org/security-model.html) and my finding doesn't require access to config files, binaries, or admin interfaces +- [ ] I have written a working Tomcat JUnit test case that compiles, runs, and demonstrates the vulnerability Review Comment: Maybe add "... or I have provided a justification as to why a JUnit test case cannot be written for this report and I have provided a minimal proof of concept."
