Commit a0de055

Add SECURITY.md, update CONTRIBUTING.md
1 parent 4efbdac commit a0de055

2 files changed: +50 -20 lines changed

CONTRIBUTING.md

Lines changed: 18 additions & 20 deletions
@@ -9,33 +9,31 @@ Before reporting a new bug, please check first to see if a similar bug [exists](
99
Bug reports should be as complete as possible. Please try and include the following:
1010

1111
* complete steps to reproduce the issue
12-
* any information about platform and environment that could be specific to the bug
12+
* any information about platform and environment that could be specific to
13+
the bug
1314
* Specific version of the product you are using
1415
* Specific version of the server being used
1516
* C++ code to help reproduce the issue if possible
1617

18+
Please do NOT raise a GitHub Issue to report a security vulnerability.
19+
See SECURITY.md for additional information.
20+
1721
## Contributing Code
1822

19-
Contributing to this project is easy. You just need to follow these steps.
23+
You need to follow these steps.
2024

21-
* Sign the Oracle Contributor Agreement. You can find instructions for doing that at [OCA Page](https://oca.opensource.oracle.com/)
25+
* Make sure you have a user account at bugs.mysql.com. You'll need to reference
26+
this user account when you submit your OCA (Oracle Contributor Agreement).
27+
* Sign the Oracle Contributor Agreement. You can find instructions for doing
28+
that at [OCA Page](https://oca.opensource.oracle.com/)
2229
* Develop your pull request
23-
* Make sure you are aware of the requirements for the project (i.e. don't require C++17 if we are supporting C++11 and higher)
24-
* Validate your pull request by including tests that sufficiently cover the functionality
25-
* Verify that the entire test suite passes with your code applied
30+
* Make sure you are aware of the requirements for the project (i.e. don't
31+
require C++20 if we are supporting C++17 and higher)
32+
* Validate your pull request by including tests that sufficiently cover
33+
the functionality
2634
* Submit your pull request
35+
* It is also possible to upload your changes using the 'contribution' tab to
36+
a bug record in https://bugs.mysql.com.
2737

28-
## Running Tests
29-
30-
Any contributed code should pass our unit tests.
31-
To run the unit tests you need to perform the following steps:
32-
33-
* Build the Connector/C++ with the cmake option enabling unit tests (-DWITH_TESTS=1)
34-
* Run MySQL Server
35-
* Set the following environment variables:
36-
* XPLUGIN_PORT = <the port number of XPlugin in MySQL Server>
37-
* XLPIGIN_USER = <MySQL user name>
38-
* XPLUGIN_PASSWORD = <MySQL password>
39-
* In the OS command line enter the Connector/C++ build directory and run `ctest` utility
40-
41-
At the end of `ctest` run the result should indicate 100% tests passed.
38+
Only pull requests from committers that can be verified as having signed the OCA
39+
can be accepted.
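
Review bot: In the "Contributing Code" list, the bullet "Verify that the entire test suite passes with your code applied" and the whole "## Running Tests" section (old lines 28-41) are removed, yet the list still asks contributors to include tests, so nothing now tells them how to build with `-DWITH_TESTS=1`, which environment variables to set, or that `ctest` should report 100% tests passed. Consider keeping the section or linking to wherever these instructions now live; if it is restored, the removed text's `XLPIGIN_USER` looks like a typo for `XPLUGIN_USER`. The new pointer "See SECURITY.md for additional information." (new line 19) would also be easier to follow as a link to the file.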

SECURITY.md

Lines changed: 32 additions & 0 deletions
@@ -0,0 +1,32 @@
1+
# Reporting security vulnerabilities
2+
3+
Oracle values the independent security research community and believes that
4+
responsible disclosure of security vulnerabilities helps us ensure the security
5+
and privacy of all our users.
6+
7+
Please do NOT raise a GitHub Issue to report a security vulnerability. If you
8+
believe you have found a security vulnerability, please submit a report to
9+
[email protected] preferably with a proof of concept. Please review
10+
some [additional information](https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html)
11+
on how to report security vulnerabilities to Oracle. We encourage people who
12+
contact Oracle Security to use email encryption using our [encryption key](https://www.oracle.com/security-alerts/encryptionkey.html).
13+
14+
We ask that you do not use other channels or contact the project maintainers
15+
directly.
16+
17+
Non-vulnerability related security issues including ideas for new or improved
18+
security features are welcome on GitHub Issues.
19+
20+
## Security updates, alerts and bulletins
21+
22+
Security updates will be released on a regular cadence. Many of our projects
23+
will typically release security fixes in conjunction with the Oracle Critical Patch
24+
Update program. Additional information, including past advisories, is available
25+
on our [security alerts page](https://www.oracle.com/security-alerts/).
26+
27+
## Security-related information
28+
29+
We will provide security related information such as a threat model, considerations
30+
for secure use, or any known security issues in our documentation. Please note
31+
that labs and sample code are intended to demonstrate a concept and may not be
32+
sufficiently hardened for production use.
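
Review bot: The "Security updates, alerts and bulletins" section (new lines 22-25) speaks of "many of our projects" and never says which releases of this project receive security fixes or whether this project follows the Critical Patch Update schedule; a sentence naming the supported versions would tell reporters and users what to expect. In the reporting paragraph (new lines 7-12) it would also help to list what a report should contain beyond a proof of concept, for example the product version, server version and platform details that CONTRIBUTING.md already asks for in bug reports. Line 12 runs well past the wrap width used in the rest of the file.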
