tomasalias/AstralRinth
1
0
Fork 0
forked from didirus/AstralRinth
Code Pull Requests Activity
Files
f1a33db80093a7ef3ba7fc35d1d445b3f208bc1f
AstralRinth/pages/legal/security.vue
Geometrically 8f137cf49d Security notice (#767) 
Co-authored-by: triphora <emmaffle@modrinth.com>
2022-11-26 21:16:34 -05:00

94 lines
2.5 KiB
Vue
Raw Blame History

<template>
<div>
<h1>Security Notice</h1>
<p>
This is the security notice for all Modrinth repositories. The notice
explains how vulnerabilities should be reported.
</p>
<h2>Reporting a Vulnerability</h2>
<p>
If you've found a vulnerability, we would like to know so we can fix it
before it is released publicly.
<strong>Do not open a GitHub issue for a found vulnerability</strong>.
</p>
<p>
Send details to <a href="mailto:jai@modrinth.com">jai@modrinth.com</a>
including:
</p>
<ul>
<li>
the website, page or repository where the vulnerability can be observed
</li>
<li>a brief description of the vulnerability</li>
<li>
optionally the type of vulnerability and any related
<a
href="https://www.owasp.org/index.php/Category:OWASP_Top_Ten_2017_Project"
>
OWASP category
</a>
</li>
<li>non-destructive exploitation details</li>
</ul>
<p>We will do our best to reply as fast as possible.</p>
<h2>Scope</h2>
<p>The following vulnerabilities <strong>are not</strong> in scope:</p>
<ul>
<li>
volumetric vulnerabilities, for example overwhelming a service with a
high volume of requests
</li>
<li>
reports indicating that our services do not fully align with "best
practice", for example missing security headers
</li>
</ul>
<p>
If you aren't sure, you can still reach out via email or direct message.
</p>
<hr />
<p>
This notice is inspired by the
<a href="https://www.pythondiscord.com/pages/security-notice/">
Python Discord Security Notice</a
>.
</p>
<p><em>Version 2022-11</em></p>
</div>
</template>
<script>
export default {
auth: false,
head: {
title: 'Security Notice - Modrinth',
meta: [
{
hid: 'description',
name: 'description',
content:
'The Security Notice of Modrinth, an open source modding platform focused on Minecraft.',
},
{
hid: 'apple-mobile-web-app-title',
name: 'apple-mobile-web-app-title',
content: 'Security Notice',
},
{
hid: 'og:title',
name: 'og:title',
content: 'Security Notice',
},
{
hid: 'og:url',
name: 'og:url',
content: `https://modrinth.com/legal/security`,
},
],
},
}
</script>
<style lang="scss" scoped></style>
View Git Blame Copy Permalink