Skip to content

Remove "security" as a type and add a "cve" attribute #14

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
rgoers opened this issue Jan 10, 2023 · 1 comment
Closed

Remove "security" as a type and add a "cve" attribute #14

rgoers opened this issue Jan 10, 2023 · 1 comment
Assignees
@vy
Labels
feature
Milestone
0.2.0

Comments

@rgoers
Copy link
Member

rgoers commented Jan 10, 2023

"security" is a poor choice to have as a type as it is almost always also a bug that needs to be fixed. However, for bug fixes that are security issues it would be useful to include the "bug id" (i.e. - the CVE number) for the issue. This would make it easier for users to locate the specific changes that corrected a specific issue.
vy added a commit that referenced this issue Jan 24, 2023
@vy
Removed security as a change type from log4j-changelog (#14)
48a66f9
@vy
Copy link
Member

vy commented Jan 24, 2023

Fixed in 48a66f9. As discussed in the Slack channel, we agreed to use issues for CVEs, e.g., <issue id="CVE-2021-44228" url="https://www.cve.org/CVERecord?id=CVE-2021-44228">.

@vy vy closed this as completed Jan 24, 2023
@vy vy self-assigned this Sep 29, 2023
@vy vy added the feature label Sep 29, 2023
@vy vy added this to the 0.2.0 milestone Sep 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vy vy

Labels
feature
Projects
None yet
Milestone
0.2.0
Development

No branches or pull requests
2 participants
@vy @rgoers