From 7caa4dda2afcd15fe716bc38d151c52381f934f7 Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Thu, 19 Feb 2026 10:25:55 -0300 Subject: [PATCH] Blog: update new HackerOne signal requirements --- .../en/blog/announcements/hackerone-signal-requirement.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/apps/site/pages/en/blog/announcements/hackerone-signal-requirement.md b/apps/site/pages/en/blog/announcements/hackerone-signal-requirement.md index 34dd19dc1d551..1f2354e29adf1 100644 --- a/apps/site/pages/en/blog/announcements/hackerone-signal-requirement.md +++ b/apps/site/pages/en/blog/announcements/hackerone-signal-requirement.md @@ -1,11 +1,15 @@ --- -date: 2026-01-21T12:00:00.000Z +date: 2026-02-19T12:00:00.000Z category: announcements title: New HackerOne Signal Requirement for Vulnerability Reports layout: blog-post author: The Node.js Project --- +**UPDATE 2026-02-19**: New researchers without signal can no longer submit reports through HackerOne. If you are a new researcher and would like to report a potential vulnerability, please reach out to the [Node.js security release stewards](https://github.com/nodejs/node?tab=readme-ov-file#security-release-stewards) through the [OpenJS Foundation Slack](https://slack-invite.openjsf.org/). + +--- + We have updated our [HackerOne program](https://hackerone.com/nodejs) to require a **Signal of 1.0 or higher** to submit vulnerability reports to the Node.js project.