chore: import upstream snapshot with attribution
Enforce Pull-Request Rules / check (push) Has been cancelled
Enforce Pull-Request Rules / check (push) Has been cancelled
This commit is contained in:
@@ -0,0 +1,31 @@
|
||||
# Security Policy
|
||||
|
||||
## Scope and Deployment
|
||||
|
||||
MagicMirror is primarily intended for trusted local/private network environments.
|
||||
Direct public exposure to the internet or other untrusted networks is not recommended.
|
||||
|
||||
We take security seriously and encourage responsible disclosure of vulnerabilities to help us improve the software.
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
**Please keep vulnerability details private** — do not post them in public GitHub issues.
|
||||
|
||||
Instead, reach out privately via the MagicMirror forum to one of the core developers:
|
||||
|
||||
- [rejas](https://forum.magicmirror.builders/user/rejas)
|
||||
- [karsten13](https://forum.magicmirror.builders/user/karsten13)
|
||||
- [sdetweil](https://forum.magicmirror.builders/user/sdetweil)
|
||||
- [Kristjan](https://forum.magicmirror.builders/user/kristjanesperanto)
|
||||
|
||||
Please include, if possible:
|
||||
|
||||
- Affected version(s)
|
||||
- Reproduction steps or proof-of-concept
|
||||
- What could an attacker do with this?
|
||||
- Any ideas how to fix it?
|
||||
|
||||
## Coordinated Disclosure
|
||||
|
||||
We will keep reported vulnerabilities private until a fix is available and coordinate the disclosure timeline with you.
|
||||
We aim to respond as quickly as possible.
|
||||
Reference in New Issue
Block a user