security.md
+4-7
@@ -3,15 +3,12 @@ See also [code conventions](code-conventions.md); there are a few guidelines
3
3
about security of added code there.
4
4
5
5
## Reporting security issues
6
-
Security issues may be reported to core team members privately e.g. on Discord.
7
-
Note that this applies *only* to security issues; everything else should still
8
-
be posted to issue tracker.
6
+
Security issues may be reported via the GitHub private vulnerability reporting feature [here](https://github.com/SkriptLang/Skript/security/advisories/new).
7
+
Note that this applies *only* to security issues; everything else should still be posted to issue tracker.
9
8
10
-
Publicly posting security issues is also allowed, because not everyone has or
11
-
wants a Discord account. We may add other channels for private reports in
12
-
future.
9
+
Please avoid publicly posting or discussing security issues that don't have a fix available yet.
13
10
14
11
## Team guidelines
15
12
Everyone with push access must use two-factor authentication for their Github
16
13
accounts. Should their account still be compromised, other team members should
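Review bot: New line 9 asks reporters to avoid posting or discussing unfixed issues publicly, but the section now gives no guidance for a reporter whose private report goes unanswered, and the removed lines 10-12 were what covered reporters who could not use the private channel. Consider adding a sentence after line 9 that says how a report is acknowledged and what the fallback is if the advisory form cannot be used. Smaller points: on new line 6 the link text "here" hides the destination, so a descriptive label such as "[GitHub private vulnerability reporting](https://github.com/SkriptLang/Skript/security/advisories/new)" would read better; new lines 6 and 7 are unwrapped while the surrounding context lines wrap at about 80 columns; and line 7 could read "posted to the issue tracker".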