From 2a20b11c07ae2d3faa1d9a7f667f7207d82f0a2a Mon Sep 17 00:00:00 2001
From: Nazim Muhammed <151945785+nazimmuhammed@users.noreply.github.com>
Date: Tue, 3 Feb 2026 23:05:28 +0530
Subject: [PATCH 1/5] docs: improve SECURITY.md with responsible disclosure guidelines
---
 SECURITY.md | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/SECURITY.md b/SECURITY.md
index 4ace3c77cb..85b77281cc 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,5 +1,31 @@
 # Security Policy +## Supported Versions + +The OWASP Nest project follows a rolling release model. +Only the latest version on the `main` branch is actively supported with security updates. + ## Reporting a Vulnerability -Please use this [form](https://github.com/OWASP/Nest/security/advisories/new) to report a security vulnerability. +If you discover a security vulnerability in OWASP Nest, please report it responsibly. + ### How to Report +- Use **GitHub Security Advisories** (preferred), or +- Follow the OWASP responsible disclosure process + Please **do not** create public GitHub issues for security-related reports. + ### What to Include +When reporting a vulnerability, please include: +- A clear description of the issue +- Steps to reproduce (if applicable) +- Potential impact +- Any relevant logs or screenshots + +## Response Timeline + +- Initial acknowledgment: **3–5 business days** +- Investigation and validation: **7–14 days** +- Fix and coordinated disclosure thereafter + +Thank you for helping keep OWASP Nest and the community secure.
From 148879ed4cbf4f6be0a6afd6ed3c482f6c0bbd45 Mon Sep 17 00:00:00 2001
From: Nazim Muhammed <151945785+nazimmuhammed@users.noreply.github.com>
Date: Tue, 17 Feb 2026 21:42:11 +0530
Subject: [PATCH 2/5] Update jest.setup.ts
---
 frontend/jest.setup.ts | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/frontend/jest.setup.ts b/frontend/jest.setup.ts
index 930ee85720..9bdfefdc89 100644
--- a/frontend/jest.setup.ts
+++ b/frontend/jest.setup.ts
@@ -113,13 +113,14 @@ beforeAll(() => {
 })
 }
- globalThis.ResizeObserver = class {
- disconnect() {} // NOSONAR: empty mock implementation for test environment.
- observe() {} // NOSONAR: empty mock implementation for test environment.
- unobserve() {} // NOSONAR: empty mock implementation for test environment.
- }
+ globalThis.ResizeObserver = class {
+ disconnect = jest.fn();
+ observe = jest.fn();
+ unobserve = jest.fn();
+}
 })
+
 beforeEach(() => {
 jest.spyOn(console, 'error').mockImplementation((...args) => {
 throw new Error(`Console error: ${args.join(' ')}`)
From b69561b77ebd29c59303968735d642041ff9257d Mon Sep 17 00:00:00 2001
From: Nazim Muhammed <151945785+nazimmuhammed@users.noreply.github.com>
Date: Tue, 17 Feb 2026 21:45:23 +0530
Subject: [PATCH 3/5] Update jest.setup.ts fix: replace empty ResizeObserver methods with jest.fn mocks
From ea137bcb5938c49f3a8714ba3839cecb87b7efe7 Mon Sep 17 00:00:00 2001
From: Arkadii Yakovets
Date: Tue, 17 Feb 2026 20:26:50 -0800
Subject: [PATCH 4/5] Update code
---
 SECURITY.md | 9 +++++----
 frontend/jest.setup.ts | 11 +++++------
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/SECURITY.md b/SECURITY.md
index 85b77281cc..374a27a743 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -10,13 +10,14 @@ Only the latest version on the `main` branch is actively supported with security
 If you discover a security vulnerability in OWASP Nest, please report it responsibly. ### How to Report -- Use **GitHub Security Advisories** (preferred), or -- Follow the OWASP responsible disclosure process +Please use this [form](https://github.com/OWASP/Nest/security/advisories/new) to report a security vulnerability. Please **do not** create public GitHub issues for security-related reports. ### What to Include + When reporting a vulnerability, please include: + - A clear description of the issue - Steps to reproduce (if applicable) - Potential impact
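Review bot: The new ResizeObserver stub in frontend/jest.setup.ts replaces the three `// NOSONAR: empty mock implementation for test environment.` lines with bare `jest.fn()` fields and keeps no comment at all, so the reason a global is overwritten inside beforeAll is no longer stated anywhere in the file; the same applies to the PATCH 4/5 hunk of this file, which only reformats the block. A one-line why-comment above the assignment would preserve it, e.g. `// Stub ResizeObserver for the test environment (per-instance jest.fn() mocks).` Because the mocks are class fields, each `new ResizeObserver()` gets its own `observe`/`unobserve`/`disconnect` mocks, so a test that wants to assert on them has to capture the instance rather than reach a shared spy; if that is the intended contract it is worth saying in the same comment. The enclosing beforeAll callback starts outside the hunk.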
@@ -24,8 +25,8 @@ When reporting a vulnerability, please include:
 ## Response Timeline -- Initial acknowledgment: **3–5 business days** -- Investigation and validation: **7–14 days** +- Initial acknowledgment: **up to 7 days** +- Investigation and validation: **up to 14 days** depending on the issue severity - Fix and coordinated disclosure thereafter Thank you for helping keep OWASP Nest and the community secure.
diff --git a/frontend/jest.setup.ts b/frontend/jest.setup.ts
index 066abb9e6b..cd29a0b6fa 100644
--- a/frontend/jest.setup.ts
+++ b/frontend/jest.setup.ts
@@ -113,14 +113,13 @@ beforeAll(() => {
 })
 }
- globalThis.ResizeObserver = class {
- disconnect = jest.fn();
- observe = jest.fn();
- unobserve = jest.fn();
-}
+ globalThis.ResizeObserver = class {
+ disconnect = jest.fn()
+ observe = jest.fn()
+ unobserve = jest.fn()
+ }
 })
-
 beforeEach(() => {
 jest.spyOn(console, 'error').mockImplementation((...args) => {
 throw new Error(`Console error: ${args.join(' ')}`)
From 9a043cee51440f0d1282694aa92f3e1f1e29f3e6 Mon Sep 17 00:00:00 2001
From: Nazim Muhammed <151945785+nazimmuhammed@users.noreply.github.com>
Date: Wed, 18 Feb 2026 11:58:11 +0530
Subject: [PATCH 5/5] Update Footer.tsx
---
 frontend/src/components/Footer.tsx | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/frontend/src/components/Footer.tsx b/frontend/src/components/Footer.tsx
index e656122bbf..d19814317b 100644
--- a/frontend/src/components/Footer.tsx
+++ b/frontend/src/components/Footer.tsx
@@ -27,7 +27,8 @@ export default function Footer() {