Merge pull request #973 from usagov/staging

Sprint 53: HOTFIX release
usagov · Feb 20, 2024 · 7b5029e · 7b5029e
2 parents 28b2c49 + 6054de2
commit 7b5029e
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 2 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,32 @@
+# Security Policy
+
+As a U.S. Government agency, the General Services Administration (GSA) takes
+seriously our responsibility to protect the public's information, including
+financial and personal information, from unwarranted disclosure.
+
+## Reporting a Vulnerability
+
+Services operated by the U.S. General Services Administration (GSA)
+are covered by the **GSA Vulnerability Disclosure Program (VDP)**.
+
+See the [GSA Vulnerability Disclosure Policy](https://gsa.gov/vulnerability-disclosure-policy)
+at <https://www.gsa.gov/vulnerability-disclosure-policy> for details including:
+
+* How to submit a report if you believe you have discovered a vulnerability.
+* Bug bounty scope.
+* GSA's coordinated disclosure policy.
+* Information on how you may conduct security research on GSA developed
+  software and systems.
+* Important legal and policy guidance.
+
+## Supported Versions
+
+Please note that only certain branches are supported with security updates.
+
+| Version (Branch) | Supported          |
+| ---------------- | ------------------ |
+| main             | :white_check_mark: |
+| other            | :x:                |
+
+When using this code or reporting vulnerabilities please only use supported
+versions.
diff --git a/layouts/index.html b/layouts/index.html
@@ -28,10 +28,10 @@
                 <h1 class="main-heading" data-test="main-header">{{ $translation.homepage.header | safeHTML }}</h1>
               </header>
 
-              <form id="state-combo-box">
+              <form id="state-combo-box" tabindex="-1" style="outline: 0 none;">
                 <label for="state-input">{{ $translation.homepage.state_selection__heading }}</label>
                 <div class="input-buttons-group" aria-label="{{ $translation.homepage.state_selection__aria_label }}" data-test="state-selection">
-                <input type="text" class="state-input" id="state-input" autocomplete="off" placeholder="{{ $translation.homepage.state_selection__placeholder }}">
+                <input type="text" class="state-input" id="state-input" placeholder="{{ $translation.homepage.state_selection__placeholder }}">
                   <div class="input-control-container">
                     <button id="state-dropdown-btn" tabindex="-1" class="dropdown-btn" type="button" aria-hidden="true" data-test="dropdown-btn"></button>
                   </div>