Security
This is the security notice for all RuneForge repositories. The notice explains how vulnerabilities should be reported.
Reporting a Vulnerability
If you've found a vulnerability, we would like to know so we can fix it before it is released publicly. Any found vulnerabilities should not be shared publicly but rather reported to us privately.
Send details to [email protected] including:
- the website, page or repository where the vulnerability can be observed
- a brief description of the vulnerability
- the type or category of the vulnerability
- non-destructive exploitation details
We will do our best to reply as fast as possible.
Scope
The following vulnerabilities are not in scope:
- Denial of service-type attacks such as overwhelming our servers with requests
If you aren't sure, you can still reach out via email or direct message.