Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create SECURITY.md #2513

Closed
wants to merge 4 commits into from
Closed

Create SECURITY.md #2513

wants to merge 4 commits into from

Conversation

ALEXWARELLC
Copy link

@ALEXWARELLC ALEXWARELLC commented Apr 16, 2024
edited

Hi!

You haven't got a SECURITY.md file. A SECURITY file is used to give guidelines to developers who may find exploits which could be harmful to plugins, servers, or even local machines (Servers or Home Computers). This also applies to workflows, e.g. Logging unencrypted API keys which could provide an attacker unrestricted write access to the repository.

While most issues can be made in the issues tab, security reports are made for exploits which shouldn't be shared while a fix is in production. Say: I could use an exploit reported to Issues to get server credentials and start a backdoor server. You can a bit more research before you make a decision, but this file is generally a good idea to have.

This file gives a quick outline on what kinds of reports are allowed.

Please feel free to edit this file until you are happy.

@ALEXWARELLC
Create SECURITY.md
1e031b1 
Hi!

You have not got a `SECURITY.md` file. A SECURITY file is used to give guidelines to developers who may find exploits which could be harmful to plugins, servers, or even local machines (Servers or Home Computers).

This file gives a quick outline on what kinds of reports are allowed.

Please feel free to edit this file until you are happy.
@louis1706 louis1706 added the documentation Improvements or additions to documentation label Apr 17, 2024
@ALEXWARELLC ALEXWARELLC closed this May 1, 2024
@ALEXWARELLC ALEXWARELLC deleted the patch-1 branch May 1, 2024 13:37
@ALEXWARELLC ALEXWARELLC restored the patch-1 branch May 1, 2024 13:44
@ALEXWARELLC ALEXWARELLC reopened this May 1, 2024
Vladislav-CS
Vladislav-CS requested changes May 19, 2024
View reviewed changes
SECURITY.md Outdated Show resolved Hide resolved
SECURITY.md Outdated Show resolved Hide resolved
ALEXWARELLC and others added 2 commits May 19, 2024 18:26
@ALEXWARELLC @Vladislav-CS
Update SECURITY.md
d3e7bf3 
Co-authored-by: Vladislav Popovič <vladislavcs@proton.me>
@ALEXWARELLC @Vladislav-CS
Update SECURITY.md
b132011 
Co-authored-by: Vladislav Popovič <vladislavcs@proton.me>
@ALEXWARELLC
Copy link
Author

Build CI errors are unrelated to PR and can be ignored.

@ALEXWARELLC ALEXWARELLC closed this by deleting the head repository May 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Vladislav-CS Vladislav-CS Vladislav-CS approved these changes

@Misfiy Misfiy Misfiy approved these changes

@NaoUnderscore NaoUnderscore Awaiting requested review from NaoUnderscore

Assignees

@ALEXWARELLC ALEXWARELLC

Labels
documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@ALEXWARELLC @Vladislav-CS @Misfiy @louis1706