From c46b9c467e14d58d1473d1e8b7b63b413c51831d Mon Sep 17 00:00:00 2001 From: Josh Date: Thu, 9 May 2024 11:09:03 -0400 Subject: [PATCH 1/3] fix(issue_template): Add security reporting redirect to bug report form Similar language as that already used in our PR form. Signed-off-by: Josh --- .github/ISSUE_TEMPLATE/BUG_REPORT.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/BUG_REPORT.yml b/.github/ISSUE_TEMPLATE/BUG_REPORT.yml index 065df5a1742ac..45a63efee8fc3 100644 --- a/.github/ISSUE_TEMPLATE/BUG_REPORT.yml +++ b/.github/ISSUE_TEMPLATE/BUG_REPORT.yml @@ -9,6 +9,14 @@ body: ### 👍 Thank you for contributing to our project! Please note this is a **free and open-source** project. Most people take on their own time to help you, so please, be patient. You can obtain [Enterprise support](https://nextcloud.com/support/) if you run Nextcloud Server in a mission critical environment. + - type: markdown + attributes: + value: | + ### 🚨 SECURITY INFO + If you are reporting a security concern, please report it via [our HackerOne page](https://hackerone.com/nextcloud) instead and review our [security policy](https://nextcloud.com/security/). + This allows us to coordinate the fix and release without potentially exposing all Nextcloud servers and users in the meantime. + It also may qualify your report for a bug bounty reward. + Thank you for helping make Nextcloud more secure! - type: checkboxes id: before-posting attributes: From 5b5c44749873a240af19282aa16d26356b9977c3 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Fri, 10 May 2024 09:26:21 +0200 Subject: [PATCH 2/3] chore: Add a dedicated link to the security program Signed-off-by: Joas Schilling --- .github/ISSUE_TEMPLATE/BUG_REPORT.yml | 4 ++-- .github/ISSUE_TEMPLATE/config.yml | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/BUG_REPORT.yml b/.github/ISSUE_TEMPLATE/BUG_REPORT.yml index 45a63efee8fc3..be494f5d6ca21 100644 
--- a/.github/ISSUE_TEMPLATE/BUG_REPORT.yml +++ b/.github/ISSUE_TEMPLATE/BUG_REPORT.yml @@ -46,7 +46,7 @@ body: label: Steps to reproduce description: | Describe the steps to reproduce the bug. - The better your description is _(go 'here', click 'there'...)_ the fastest you'll get an _(accurate)_ answer. + The better your description is _(go 'here', click 'there'...)_ the fastest you'll get an _(accurate)_ answer. value: | 1. 2. @@ -205,7 +205,7 @@ body: Provide Nextcloud Signing status. First, login as Admin user into your Nextcloud, then access this URL: ```shell - https://yournextcloud.tld/index.php/settings/integrity/failed + https://yournextcloud.tld/index.php/settings/integrity/failed ``` > NOTE: This will be automatically formatted into code for better readability. render: shell diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 5541d016b71f4..faf8cdc28d9f6 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,5 +1,8 @@ blank_issues_enabled: false contact_links: + - name: 🚨 Report a security or privacy issue + url: https://hackerone.com/nextcloud + about: Report security and privacy related issues privately to the Nextcloud team, so we can coordinate the fix and release without potentially exposing all Nextcloud servers and users in the meantime. - name: ❓ Community Support and Help url: https://help.nextcloud.com/ about: Configuration, webserver/proxy or performance issues and other questions From 90597e13196163e57753458ebb1dded846871df5 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Fri, 10 May 2024 09:28:31 +0200 Subject: [PATCH 3/3] chore: Allow to create issues without a template Let's see if this works (seems to work in most apps), we can still revert this when it does turn out that too many unexperienced reports come in. 
Signed-off-by: Joas Schilling --- .github/ISSUE_TEMPLATE/BUG_REPORT.yml | 2 +- .github/ISSUE_TEMPLATE/config.yml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/BUG_REPORT.yml b/.github/ISSUE_TEMPLATE/BUG_REPORT.yml index be494f5d6ca21..4047a78bc83e6 100644 --- a/.github/ISSUE_TEMPLATE/BUG_REPORT.yml +++ b/.github/ISSUE_TEMPLATE/BUG_REPORT.yml @@ -1,4 +1,4 @@ -name: "Bug report: Nextcloud Server" +name: "🐛 Bug report: Nextcloud Server" description: "Submit a report and help us improve Nextcloud Server" title: "[Bug]: " labels: ["bug", "0. Needs triage"] diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index faf8cdc28d9f6..730c1b1ebe296 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,4 +1,3 @@ -blank_issues_enabled: false contact_links: - name: 🚨 Report a security or privacy issue url: https://hackerone.com/nextcloud
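Review bot: In PATCH 1/3 (BUG_REPORT.yml, hunk `@@ -9,6 +9,14 @@`), the new `SECURITY INFO` markdown block is informational only and sits after the thank-you text, so a reporter can still file a vulnerability publicly without acknowledging the redirect. Consider adding a required option to the `before-posting` checkboxes that follow it, confirming the report is not a security issue, so the form enforces the redirect instead of relying on the notice being read. Minor wording: "It also may qualify" reads better as "It may also qualify".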
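Review bot: In PATCH 2/3 (BUG_REPORT.yml, hunks `@@ -46,7 +46,7 @@` and `@@ -205,7 +205,7 @@`), the removed and added lines read the same as shown, so these look like whitespace-only changes that are unrelated to the subject "Add a dedicated link to the security program". Either mention the whitespace cleanup in the commit message or move it to its own commit, so that the history of the security-reporting change stays easy to audit.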
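Review bot: In PATCH 2/3 (config.yml, hunk `@@ -1,5 +1,8 @@`), the new contact link covers "security or privacy" issues while the notice added to BUG_REPORT.yml in PATCH 1/3 only speaks of "a security concern", and only that notice points to the security policy at https://nextcloud.com/security/. Align the scope wording between the two places so reporters get the same instruction on either path. The `about` text is also a single long sentence for a template-chooser entry; a shorter line such as "Report security and privacy issues privately so a fix can be coordinated before disclosure" would carry the same message.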
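Review bot: In PATCH 3/3 (config.yml, hunk `@@ -1,4 +1,3 @@`), deleting `blank_issues_enabled: false` leaves the behaviour to GitHub's default, which hides the intent from anyone reading the file later; setting `blank_issues_enabled: true` explicitly would document the decision and make a revert a one-word change. Note also that a blank issue skips BUG_REPORT.yml entirely, including the `SECURITY INFO` block from PATCH 1/3, so on that path the HackerOne contact link in the chooser is the only redirect. The revert criterion in the commit message mentions inexperienced reports; it would be worth adding publicly filed security reports to what is watched.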