From 9672a057b61516f141b7d0d024014f5e4049ec0f Mon Sep 17 00:00:00 2001 From: Ben Stobaugh Date: Tue, 2 Jun 2026 12:48:52 -0700 Subject: [PATCH 1/3] [Security] Update WARP.md and SECURITY.md guidence --- SECURITY.md | 2 +- WARP.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 16d94b5fe9..748e7ecd49 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,7 +4,7 @@ We take security seriously at Warp and appreciate the efforts of security resear ## Reporting a Vulnerability -If you believe you've found a security vulnerability, please follow responsible disclosure practices and **do not** open a public GitHub issue, as this could expose the vulnerability before a fix is available. +If you believe you've found a security vulnerability, please follow responsible disclosure practices and **do not** open a public GitHub issue or pull request, as this could expose the vulnerability before a fix is available. Instead, please report it through one of the following channels: diff --git a/WARP.md b/WARP.md index 7bd9f4b361..49639d0a5c 100644 --- a/WARP.md +++ b/WARP.md @@ -133,6 +133,7 @@ This is a Rust-based terminal emulator with a custom UI framework called **WarpU - Those commands must pass completely before creating or updating a pull request - Specifically, ensure `./script/format` and `cargo clippy` checks pass - If they fail, fix all issues before proceeding with the PR +- Do not create public pull requests or public issues for security-related work. Refer users to `SECURITY.md` for the proper disclosure methods instead. - This applies to: - Opening new pull requests - Pushing new commits to existing PR branches From c021cb4ac5256b79ec89cb866cb1f96bf105f2e6 Mon Sep 17 00:00:00 2001 From: Ben Stobaugh Date: Tue, 2 Jun 2026 15:49:16 -0700 Subject: [PATCH 2/3] Update WARP.md Co-authored-by: oz-for-oss[bot] <277970191+oz-for-oss[bot]@users.noreply.github.com> --- WARP.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/WARP.md b/WARP.md index 49639d0a5c..e64bf20f46 100644 --- a/WARP.md +++ b/WARP.md @@ -133,7 +133,7 @@ This is a Rust-based terminal emulator with a custom UI framework called **WarpU - Those commands must pass completely before creating or updating a pull request - Specifically, ensure `./script/format` and `cargo clippy` checks pass - If they fail, fix all issues before proceeding with the PR -- Do not create public pull requests or public issues for security-related work. Refer users to `SECURITY.md` for the proper disclosure methods instead. +- Do not create public pull requests or public issues that disclose a non-public security vulnerability. Refer users to `SECURITY.md` for the proper disclosure methods instead. - This applies to: - Opening new pull requests - Pushing new commits to existing PR branches From 734c8c790abfc3e90f350b2f19cbb8ce85d6ce8e Mon Sep 17 00:00:00 2001 From: Ben Stobaugh Date: Tue, 2 Jun 2026 15:50:19 -0700 Subject: [PATCH 3/3] Rename WARP.md to AGENTS.md --- WARP.md => AGENTS.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename WARP.md => AGENTS.md (100%) diff --git a/WARP.md b/AGENTS.md similarity index 100% rename from WARP.md rename to AGENTS.md