GITBOOK-34: Report a vulnerability updates

Hannah Cooper
2026-03-12 01:57:12 +00:00
committed by gitbook-bot
parent ce192824e6
commit 5c57cb5abd
4 changed files with 37 additions and 11 deletions

@@ -41,7 +41,7 @@ Community Edition, five/three nodes free and Home & Student users can get suppor
* **Ask our AI bot** by clicking the **Ask AI** button in the bottom right of this documentation site. Our AI chatbot pulls from a number of sources and is a great place to start when looking for help.
* **Ask questions** either in our [GitHub Discussions](https://github.com/orgs/portainer/discussions/categories/help) forum or the [community Slack channel](https://portainer.io/slack). Other platforms exist (Reddit, Discord, Stack Overflow) but we are less active in those spaces.
* **Log bugs** in [GitHub Issues](https://github.com/portainer/portainer/issues) so they can be properly managed.
* **Flag vulnerabilities** by emailing [security@portainer.io](mailto:security@portainer.io) so we can deal with them immediately.
* **Report any security vulnerabilities** by emailing [security@portainer.io](mailto:security@portainer.io) or by [opening a vulnerability report in GitHub](https://github.com/portainer/portainer/security/advisories/new) so the issue can be reviewed and addressed as quickly as possible.
* **Flag documentation issues** via our [GitHub documentation channel](https://github.com/portainer/portainer-docs/issues) (or start [contributing](contribute/contribute.md) and make our documentation better!).
### Business Edition Customers
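
Review bot: The rewritten vulnerabilities bullet never tells the reader to stay out of public channels, and it sits directly below the "Log bugs" bullet that sends people to GitHub Issues. Consider adding a short "do not use public issues" clause here, or linking to the new FAQ page (`faqs/contributing/how-do-i-report-a-security-vulnerability.md`) so the full guidance is one click away instead of being restated in a third place.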

@@ -415,6 +415,7 @@
* [How do I raise a feature request?](faqs/contributing/how-do-i-raise-a-feature-request.md)
* [How do you decide which bugs and features to work on first?](faqs/contributing/how-do-you-decide-which-bugs-and-features-to-work-on-first.md)
* [How do I log a Support Request?](faqs/contributing/how-do-i-log-a-support-request.md)
* [How do I report a security vulnerability?](faqs/contributing/how-do-i-report-a-security-vulnerability.md)
* [Known issues](faqs/known-issues/README.md)
* [Edge stacks do not support authenticating to deploy applications from private registries](faqs/known-issues/edge-stacks-do-not-support-authenticating-to-deploy-applications-from-private-registries.md)
* [Known issues with VMware](faqs/known-issues/known-issues-with-vmware.md)

@@ -12,6 +12,16 @@ The following guidelines outline our engineering workflows, please review these
## Contributing to the Portainer CE codebase
{% hint style="warning" %}
### AI assistance notice <a href="#id-987d7792-f717-4a29-9fe7-b9014d343629" id="id-987d7792-f717-4a29-9fe7-b9014d343629"></a>
If you use any form of AI assistance to create your contribution - whether for code, documentation, or drafting pull request (PR) responses - it must be disclosed in your pull request description.
Trivial assistance, like single-word auto-completion, does not require disclosure. Disclosing AI usage helps maintainers apply the correct level of scrutiny during review.
For commits where an AI tool has significantly contributed to the code, it is recommended to add a Co-Authored-By trailer in the commit message to formally credit the tool, using the format specified by the tool's provider.
{% endhint %}
The Portainer CE codebase is available in [GitHub](https://github.com/portainer/portainer). Please follow our [build instructions](build/) and the following guidelines when making a contribution.
### Repository structure
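
Review bot: Moving the AI assistance notice to the top of "Contributing to the Portainer CE codebase" is unrelated to the commit title "Report a vulnerability updates", so it is easy to miss in history. Mention the move in the commit message or split it into its own change. The heading anchor id `id-987d7792-f717-4a29-9fe7-b9014d343629` is carried over unchanged, so existing deep links to the notice should keep working.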
@@ -45,16 +55,6 @@ The Portainer CE codebase is available in [GitHub](https://github.com/portainer/
* **Documentation**: Update relevant docs (e.g. README, usage notes) when changing functionality.
* **Scope**: Focus on well-defined features, fixes, or improvements. Large architectural changes should be discussed in an issue first.
{% hint style="warning" %}
### AI assistance notice <a href="#id-987d7792-f717-4a29-9fe7-b9014d343629" id="id-987d7792-f717-4a29-9fe7-b9014d343629"></a>
If you use any form of AI assistance to create your contribution - whether for code, documentation, or drafting pull request (PR) responses - it must be disclosed in your pull request description.
Trivial assistance, like single-word auto-completion, does not require disclosure. Disclosing AI usage helps maintainers apply the correct level of scrutiny during review.
For commits where an AI tool has significantly contributed to the code, it is recommended to add a Co-Authored-By trailer in the commit message to formally credit the tool, using the format specified by the tool's provider.
{% endhint %}
### Communication
* For significant changes or new features, use [GitHub Discussions](https://github.com/orgs/portainer/discussions/categories/ideas) to start a discussion before starting the change.
@@ -66,6 +66,19 @@ If you find a bug, [please tell us](https://github.com/portainer/portainer/issue
[This article](../faqs/contributing/how-do-you-decide-which-bugs-and-features-to-work-on-first.md) covers how we prioritize bug fixes.
## Reporting security vulnerabilities&#x20;
The Portainer team takes the security of our products seriously. If you believe you have discovered a security vulnerability in any Portainer-owned repository, please report it responsibly.
Plase do not report security vulnerabilities through public channels, including standard GitHub issues.
Instead, report vulnerabilities using one of the following methods:
* Email the Portainer team at [security@portainer.io](mailto:security@portainer.io)&#x20;
* [Submit a private vulnerability report](https://github.com/portainer/portainer/security/advisories/new) through the relevant Portainer repository on GitHub
These channels allow the team to review and address the issue as quickly as possible while minimizing the risk of public exposure before a fix is available.
## Feature requests
You can request new features by posting an Idea in our [GitHub Discussions](https://github.com/orgs/portainer/discussions/categories/ideas) forum. Please check to see if someone has already requested the feature you want, and give it an upvote if so.
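
Review bot: Typo in the second paragraph of the new "Reporting security vulnerabilities" section: "Plase do not report" should be "Please do not report" (the FAQ copy of this text has it right). The section heading and the email bullet also end in a stray `&#x20;` entity that should be trimmed. Since this text is duplicated word for word in the new FAQ page, consider keeping one copy and linking to it so the two cannot drift apart.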

@@ -0,0 +1,12 @@
# How do I report a security vulnerability?
The Portainer team takes the security of our products seriously. If you believe you have discovered a security vulnerability in any Portainer-owned repository, please report it responsibly.
Please do not report security vulnerabilities through public channels, including standard GitHub issues.
Instead, report vulnerabilities using one of the following methods:
* Email the Portainer team at [security@portainer.io](mailto:security@portainer.io)
* [Submit a private vulnerability report](https://github.com/portainer/portainer/security/advisories/new) through the relevant Portainer repository on GitHub
These channels allow the team to review and address the issue as quickly as possible while minimizing the risk of public exposure before a fix is available.
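
Review bot: The second bullet says "through the relevant Portainer repository", but the link goes only to `portainer/portainer/security/advisories/new`, while the opening paragraph covers "any Portainer-owned repository". Either state that all reports should be filed against the main repository, or explain how to open a private report from the Security tab of the affected repository. It would also help reporters to document what to include in a report (affected version, reproduction steps) so triage does not stall on a first round of questions.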