EXILED icon indicating copy to clipboard operation
EXILED copied to clipboard

Published 20 hours ago verified publisher icon Exiled-Team

Create SECURITY.md

Open iamalexrouse opened this issue 10 months ago • 1 comments

Hi!

You haven't got a SECURITY.md file. A SECURITY file is used to give guidelines to developers who may find exploits which could be harmful to plugins, servers, or even local machines (Servers or Home Computers). This also applies to workflows, e.g. Logging unencrypted API keys which could provide an attacker unrestricted write access to the repository.

While most issues can be made in the issues tab, security reports are made for exploits which shouldn't be shared while a fix is in production. Say: I could use an exploit reported to Issues to get server credentials and start a backdoor server. You can a bit more research before you make a decision, but this file is generally a good idea to have.

This file gives a quick outline on what kinds of reports are allowed.

Please feel free to edit this file until you are happy.

iamalexrouse avatar Apr 16 '24 13:04 iamalexrouse

Build CI errors are unrelated to PR and can be ignored.

iamalexrouse avatar May 20 '24 02:05 iamalexrouse