Merge pull request #9716 from EclipseFdn/update-website

Update ways to report vulnerabilities to website / deploy 0.34.1

Author: manpreetkaur-arch

Dockerfile

@@ -1,5 +1,5 @@
-ARG SERVER_VERSION=v0.34.0
-ARG SERVER_VERSION_STRING=v0.34.0
+ARG SERVER_VERSION=v0.34.1
+ARG SERVER_VERSION_STRING=v0.34.1
 
 # Builder image to compile the website
 FROM ubuntu:24.04 AS builder

configuration/application.yml

@@ -198,10 +198,11 @@ ovsx:
   rate-limit:
     enabled: true
     token-prefix: ovsx_rl_
-    # on the trust boundary, "X-Real-IP" is set for any external requests
-    # for internal requests from within the cluster check first of "X-Forwarded-For" is set, otherwise use the remote addr.
+    # on the trust boundary (fastly edge), "X-Fastly-Real-IP" is set for any external requests
+    # on nginx, "X-Real-IP" is set for any external requests, kept as a fallback
+    # for internal requests from within the cluster check first if "X-Forwarded-For" is set, otherwise use the remote addr.
     # jetty seems to return "[127.0.0.1]" as remote addr in some cases, need to investigate why this is happening
-    ip-address-function: '(getHeader("X-Real-IP")?: getHeader("X-Forwarded-For")?: getRemoteAddr()).split(",")[0].trim()'
+    ip-address-function: '(getHeader("X-Fastly-Real-IP")?: getHeader("X-Real-IP")?: getHeader("X-Forwarded-For")?: getRemoteAddr()).split(",")[0].trim()'
     filters:
       - url: '/(api|vscode)/.*'
         http-response-headers:

website/package.json

@@ -10,7 +10,7 @@
   },
   "type": "module",
   "dependencies": {
-    "openvsx-webui": "npm:openvsx-webui@0.20.0"
+    "openvsx-webui": "npm:openvsx-webui@0.20.1"
   },
   "resolutions": {
     "qs": "^6.14.1"

website/src/about.tsx

@@ -61,12 +61,7 @@ const About = () => {
 
       <Heading variant='h5'>Contact Us</Heading>
       <Paragraph variant='body1'>
-        To report malicious extensions, extensions with known vulnerabilities, or other urgent matters, connect with us
-        at&nbsp;
-        <Link color='secondary' underline='hover' href='mailto:openvsx@eclipse-foundation.org'>
-          openvsx@eclipse-foundation.org
-        </Link>
-        . For non-urgent questions, including managing namespaces or publishing extensions, please visit our&nbsp;
+        For non-urgent questions, including managing namespaces or publishing extensions, please visit our&nbsp;
         <Link color='secondary' underline='hover' href='https://github.com/EclipseFdn/open-vsx.org/wiki'>
           wiki
         </Link>

website/src/footer-content.tsx

@@ -62,7 +62,9 @@ const MainFooter = ({ isSmallDisplay, isLargeDisplay, expanded, toggleExpanded }
       {isSmallDisplay ? null : repositoryLink()}
       {isLargeDisplay ? (
         <Box display='flex'>
-          <Box>{privacyPolicy()}</Box>
+          <Box>{ossAccess()}</Box>
+          <Box ml={itemSpacing}>{privacyPolicy()}</Box>
+          <Box ml={itemSpacing}>{securityPolicy()}</Box>
           <Box ml={itemSpacing}>{termsOfUse()}</Box>
           <Box ml={itemSpacing}>{compliance()}</Box>
           <Box ml={itemSpacing}>{legalResources(false)}</Box>
@@ -102,7 +104,9 @@ const FooterContent: FunctionComponent<{ expanded: boolean }> = ({ expanded }) =
     return (
       <Box display='flex' flexDirection='column' alignItems='stretch'>
         <Box display='flex' flexDirection='column' alignItems='flex-end'>
+          <Box mb={itemSpacing}>{ossAccess()}</Box>
           <Box mb={itemSpacing}>{privacyPolicy()}</Box>
+          <Box mb={itemSpacing}>{securityPolicy()}</Box>
           <Box mb={itemSpacing}>{termsOfUse()}</Box>
           <Box mb={itemSpacing}>{compliance()}</Box>
           <Box mb={itemSpacing}>{legalResources(isSmallDisplay)}</Box>
@@ -135,12 +139,24 @@ const repositoryLink = () => (
   </Link>
 );
 
+const ossAccess = () => (
+  <Link href='https://managed.open-vsx.org/contact' sx={[styles.link, styles.legalText]}>
+    OSS Access
+  </Link>
+);
+
 const privacyPolicy = () => (
   <Link href='https://www.eclipse.org/legal/privacy/' sx={[styles.link, styles.legalText]}>
     Privacy Policy
   </Link>
 );
 
+const securityPolicy = () => (
+  <Link href='/security/' sx={[styles.link, styles.legalText]}>
+    Security Policy
+  </Link>
+);
+
 const termsOfUse = () => <LegalLink to='/terms-of-use'>Terms of Use</LegalLink>;
 
 const compliance = () => (

website/src/menu-content.tsx

@@ -33,6 +33,7 @@ import PeopleAltIcon from '@mui/icons-material/PeopleAlt';
 import HubIcon from '@mui/icons-material/Hub';
 import AccountBoxIcon from '@mui/icons-material/AccountBox';
 import BusinessIcon from '@mui/icons-material/Business';
+import SecurityIcon from '@mui/icons-material/Security';
 import { UserSettingsRoutes } from 'openvsx-webui/lib/pages/user/user-settings-routes';
 import { MainContext } from 'openvsx-webui/lib/context';
 import {
@@ -90,6 +91,12 @@ export const MobileMenuContent: FunctionComponent = () => {
           Commercial Usage
         </MenuItemText>
       </MenuItem>
+      <MenuItem component={Link} href='https://researcher-recognition.open-vsx.org'>
+        <MenuItemText>
+          <SecurityIcon sx={itemIcon} />
+          Report a Vulnerability
+        </MenuItemText>
+      </MenuItem>
       <MenuItem component={Link} href='https://github.com/EclipseFdn/open-vsx.org/wiki'>
         <MenuItemText>
           <MenuBookIcon sx={itemIcon} />
@@ -176,6 +183,7 @@ export const DefaultMenuContent: FunctionComponent = () => {
   return (
     <>
       <MenuLink href='https://managed.open-vsx.org/'>Commercial Usage</MenuLink>
+      <MenuLink href='https://researcher-recognition.open-vsx.org'>Report a Vulnerability</MenuLink>
       <MenuLink href='https://github.com/EclipseFdn/open-vsx.org/wiki'>Documentation</MenuLink>
       <MenuLink href='https://status.open-vsx.org/'>Status</MenuLink>
       <MenuTypography onClick={toggleWorkingGroupMenu} ref={workingGroupMenuEl}>

website/src/page-settings.tsx

@@ -215,7 +215,7 @@ export default function createPageSettings(
     );
     return (
       <Link
-        href={`mailto:openvsx@eclipse-foundation.org?subject=Report%20Abuse%20-%20${extension.namespace}.${extension.name}&Body=${reportAbuseText}%0A%0A${extensionURL}`}
+        href={`mailto:security@open-vsx.org?subject=Report%20Abuse%20-%20${extension.namespace}.${extension.name}&Body=${reportAbuseText}%0A%0A${extensionURL}`}
         variant='body2'
         color='secondary'
         underline='hover'

website/yarn.lock

@@ -4838,7 +4838,7 @@ __metadata:
     eslint: "npm:^9.39.0"
     eslint-config-prettier: "npm:^10.1.8"
     eslint-plugin-react: "npm:^7.37.0"
-    openvsx-webui: "npm:openvsx-webui@0.20.0"
+    openvsx-webui: "npm:openvsx-webui@0.20.1"
     prettier: "npm:^3.8.1"
     rollup-plugin-visualizer: "npm:^7.0.1"
     typescript: "npm:^5.9.0"
@@ -4862,9 +4862,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"openvsx-webui@npm:openvsx-webui@0.20.0":
-  version: 0.20.0
-  resolution: "openvsx-webui@npm:0.20.0"
+"openvsx-webui@npm:openvsx-webui@0.20.1":
+  version: 0.20.1
+  resolution: "openvsx-webui@npm:0.20.1"
   dependencies:
     "@babel/core": "npm:^7.29.0"
     "@emotion/react": "npm:^11.11.1"
@@ -4895,7 +4895,7 @@ __metadata:
     react-infinite-scroller: "npm:^1.2.6"
     react-router: "npm:^6.30.3"
     react-router-dom: "npm:^6.30.3"
-  checksum: 10/baba402b9d0cc7f7c42978eff26ac9b1fae736e28fd15a354ddcaf83f13a3b501bf4325f72a1eebbb8f2e6fc67958dcae8c46ee5bbc00fa9c2bc326648631edc
+  checksum: 10/2d9c65ce3d986000863ab820b0ed6d7fc0215623712ab8e4f55c7f94344f71d3d11b25c742b014700a91b34c38d9a55f7b5a015c7b448b4b9d7d01ea381fb57e
   languageName: node
   linkType: hard