chore: 修改readme 英文版本 (#5448)

* chore: 修改readme 英文版本

Co-authored-by: ibuler <ibuler@qq.com>

README.md

@@ -4,6 +4,8 @@
 [![Django](https://img.shields.io/badge/django-2.2-brightgreen.svg?style=plastic)](https://www.djangoproject.com/)
 [![Docker Pulls](https://img.shields.io/docker/pulls/jumpserver/jms_all.svg)](https://hub.docker.com/u/jumpserver)
 
+- [ENGLISH](https://github.com/jumpserver/jumpserver/blob/master/README_EN.md)
+
 ## 紧急BUG修复通知
 JumpServer发现远程执行漏洞，请速度修复
 

README_EN.md

@@ -1,16 +1,126 @@
 ## Jumpserver 
 
-![Total visitor](https://visitor-count-badge.herokuapp.com/total.svg?repo_id=jumpserver)
-![Visitors in today](https://visitor-count-badge.herokuapp.com/today.svg?repo_id=jumpserver)
 [![Python3](https://img.shields.io/badge/python-3.6-green.svg?style=plastic)](https://www.python.org/)
-[![Django](https://img.shields.io/badge/django-2.1-brightgreen.svg?style=plastic)](https://www.djangoproject.com/)
-[![Ansible](https://img.shields.io/badge/ansible-2.4.2.0-blue.svg?style=plastic)](https://www.ansible.com/)
-[![Paramiko](https://img.shields.io/badge/paramiko-2.4.1-green.svg?style=plastic)](http://www.paramiko.org/)
+[![Django](https://img.shields.io/badge/django-2.2-brightgreen.svg?style=plastic)](https://www.djangoproject.com/)
+[![Docker Pulls](https://img.shields.io/docker/pulls/jumpserver/jms_all.svg)](https://hub.docker.com/u/jumpserver)
 
+---- 
+## CRITICAL BUG WARNING
+
+JumpServer found a critical bug for pre auth and info leak, You should fix quickly.
+
+Thanks for reactivity of Alibaba Hackerone bug bounty program report us this bug
+
+**Vulnerable version:**
+```
+< v2.6.2
+< v2.5.4
+< v2.4.5 
+= v1.5.9
+```
+
+**Safe version:**
+```
+>= v2.6.2
+>= v2.5.4
+>= v2.4.5 
+= v1.5.9 （Unstander version, so no change）
+```
+
+**Fix method:**
+Upgrade to save version
+
+
+**Quick temporary fix method:(recommend)**
+
+Modify nginx config file, disable vulnerable api
+
+```
+/api/v1/authentication/connection-token/
+/api/v1/users/connection-token/
+```
+
+Nginx config path
+
+```
+# Community old version
+/etc/nginx/conf.d/jumpserver.conf
+
+# Enterpise old version
+jumpserver-release/nginx/http_server.conf
+ 
+# New version
+jumpserver-release/compose/config_static/http_server.conf
+```
+
+Modify nginx config 
+
+```
+### On the server location top, or before of /api and /
+location /api/v1/authentication/connection-token/ {
+   return 403;
+}
+ 
+location /api/v1/users/connection-token/ {
+   return 403;
+}
+### Add two location above
+ 
+location /api/ {
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_pass http://core:8080;
+  }
+ 
+...
+```
+
+Then restart nginx
+
+```
+docker deployment: 
+$ docker restart jms_nginx
+
+rpm or other deployment:
+$ systemctl restart nginx
+
+```
+
+**Fix verify**
+
+```
+$ wget https://github.com/jumpserver/jumpserver/releases/download/v2.6.2/jms_bug_check.sh 
+
+# bash jms_bug_check.sh HOST 
+$ bash jms_bug_check.sh demo.jumpserver.org
+漏洞已修复 (fixed)
+漏洞未修复 (vulnerable)
+```
+
+
+**Attack detection**
+
+Download the check script under the directory logs than the gunicorn on 
+
+```
+$ pwd
+/opt/jumpserver/core/logs
+
+$ ls gunicorn.log
+gunicorn.log
+
+$ wget 'https://github.com/jumpserver/jumpserver/releases/download/v2.6.2/jms_check_attack.sh'
+$ bash jms_check_attack.sh
+系统未被入侵 (safe)
+系统已被入侵 (attacked)
+```
+
+--------------------------
 
 ----
 
-- [中文版](https://github.com/jumpserver/jumpserver/blob/master/README_EN.md)
+- [中文版](https://github.com/jumpserver/jumpserver/blob/master/README.md)
 
 Jumpserver is the first fully open source bastion in the world, based on the GNU GPL v2.0 open source protocol. Jumpserver is a  professional operation and maintenance audit system conforms to 4A specifications.