mempalace/SECURITY.md
Yorji 53d779311e Create SECURITY.md
This PR introduces a standard SECURITY.md policy file to the repository. 

While reviewing the codebase, I noticed there wasn't a defined channel for the private, responsible disclosure of security vulnerabilities. Adding this policy helps protect the project by guiding researchers to report bugs privately rather than in public issues. 

I highly recommend merging this and enabling GitHub's "Private Vulnerability Reporting" feature in your repository settings. I currently have some security findings I would like to share with the maintainers securely once a private channel or contact method is established.
2026-04-13 12:49:33 -04:00


Security Policy

Supported Versions

Please check the table below for the supported versions that are currently receiving security updates.

Version Supported
main / develop
< 1.0.0

(Note: Adjust the table above to reflect MemPalace's actual release cycle)

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

We take the security of MemPalace seriously. If you believe you have found a security vulnerability, please report it to us privately using one of the following methods:

  1. GitHub Private Vulnerability Reporting: Navigate to the "Security" tab in this repository, click on "Advisories," and select "Report a vulnerability."
  2. Direct Contact: If private reporting is not enabled, please email the core maintainers directly at [Insert Maintainer Email Here].

What to include in your report:

  • A descriptive summary of the vulnerability.
  • Detailed steps to reproduce the issue (including any proof-of-concept scripts or specific file paths).
  • The potential impact and severity of the vulnerability.

What to expect:

  • We aim to acknowledge receipt of your vulnerability report within 48 hours.
  • We will triage the issue and keep you updated on our progress toward a patch.
  • Once the vulnerability is resolved and an update is released, we will publish a security advisory and credit you for the discovery (if you wish to be credited).