csutherl commented on code in PR #1001: URL: https://github.com/apache/tomcat/pull/1001#discussion_r3168209506
########## SECURITY.md: ########## @@ -0,0 +1,127 @@ +# Security Policy + +## Before You Report - Required Self-Check + +**Complete this checklist. If you answer "No" to any question, do not submit a report:** + +- [ ] I have read the [Tomcat Security Model](https://tomcat.apache.org/security-model.html) and my finding doesn't require access to config files, binaries, or admin interfaces +- [ ] I have written a working Tomcat JUnit test case that compiles, runs, and demonstrates the vulnerability

Review Comment: True, I incorporated Mark's suggested text in both the checklist and added an exception section to the POC requirements section.
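Review bot: The bold instruction under "Before You Report - Required Self-Check" tells reporters to stop if they answer "No" to any question, but the items that follow are first-person statements with checkboxes, not questions, so there is nothing to answer "No" to. Wording such as "If you cannot check every item, do not submit a report" would match the list. The first item also joins two separate conditions with "and" (having read the Tomcat Security Model, and the finding not requiring access to config files, binaries, or admin interfaces); splitting it into two checkboxes would let a reporter see which condition fails.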
