GitLab will be shut down on June 25 to move to a new facility. https://www.eclipsestatus.io/incidents/5ffy27gwcbx7

Commit a03d5c0d authored by Wayne Beaton's avatar Wayne Beaton
Browse files

Update issue templates


Signed-off-by: Wayne Beaton's avatarWayne Beaton <wayne.beaton@eclipse-foundation.org>
parent 53c31531
<!--
Delete this comment before you submit.
There's help in the Eclipse Foundation Project Handbook https://www.eclipse.org/projects/handbook/#vulnerability-cve
We need:
Note that this issue is configured (see the quick actions at the bottom) to be created as confidential.
* The name of the impacted project and product;
* A description of the versions impacted (which may include ranges);
* A Common Weakness Enumeration (CWE) code;
* A one or two sentence summary of the issue which clearly identifies the Eclipse project/product and impacted versions; and
* Links for more information.
Note that a vulnerability does not need to actually be resolved before it is reported and that these reports can be revised as needed (reopen the issue to request changes).
Additional information can be provided, including (for example) a Common Vulnerability Scoring System (CVSS) code.
You can delete the comments (or not).
-->
Use the project's Eclipse Foundation ID, e.g., "technology.dash".
## Project
Specify the version range as precisely as possible, e.g., "[3.0, 3.5.1]" or "[3.0, 3.5.1)".
<!--
Required. Specify the project's name (e.g., "Eclipse Dash") and Eclipse Foundation ID, e.g., "technology.dash".
-->
The Common Weakness Enumeration (CWE) code comes from here: https://cwe.mitre.org/, e.g., "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')".
## Versions Affected
<!--
Required. Specify the version range as precisely as possible, e.g., "[3.0, 3.5.1]" or "[3.0, 3.5.1)".
-->
The summary should start with the name of the project, e.g., "Eclipse Vert.x", then a description of the affected versions, followed by a description of the problem. The summary should be concise. For example,
## Common Weakness Enumeration
<!--
Required. The Common Weakness Enumeration (CWE) code comes from here: https://cwe.mitre.org/, e.g., "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')". Multiple codes can be provided.
-->
## Common Vulnerability Scoring System
<!--
Optional. Provide a Common Vulnerability Scoring System (CVSS). There's help here: https://nvd.nist.gov/vuln-metrics/cvss
-->
## Summary
<!--
Required. The summary should start with the name of the project, e.g., "Eclipse Vert.x", then a description of the affected versions, followed by a description of the problem. The summary should be concise. For example,
"In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response
headers and HttpClient request headers do not filter carriage return and
line feed characters from the header value. This allow unfiltered values
to inject a new header in the client request or server response."
Include a link to the issue that's being used to track/resolve the issue along with other links that provide more information (when available).
Note that a vulnerability does not need to actually be resolved before it is reported and that these reports can be revised as needed (reopen the issue to request changes).
-->
project: projectId
version: [3.0, 3.5.1]
## Links
cwe: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')
summary: In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response
headers and HttpClient request headers do not filter carriage return and
line feed characters from the header value. This allow unfiltered values
to inject a new header in the client request or server response."
<!--
Required. Include a link to the issue that's being used to track/resolve the issue. Other links that provide more information can be provided.
-->
links:
* one
* two
- {primary resolution link}
<!-- Quick actions will configure the state of the issue. Leave these. -->
/title "CVE Assignment Request"
/confidential
/label ~"CVE Assignment"
......
Describe the issue that you're having with Eclipse Management Organization process.
<!-- Quick actions will configure the state of the issue. Leave these. -->
/label ~"Process"
/assign @wbeaton
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment