Revise SECURITY.md for clarity on vulnerabilities

Clarified security policy and reporting guidelines.
Hargata Softworks 2026-01-25 09:39:25 -07:00 committed by GitHub
parent 394de8bda1
commit b1b4b6a77e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

SECURITY.md Normal file

@ -0,0 +1,13 @@
LubeLogger is not designed to be deployed in serious enterprise applications. Authentication should be enabled for public(Internet-facing) deployments.
Only submit security vulnerabilities if protected resources can be accessed without authentication when it is required.
What we don't consider as security vulnerabilities:
- Your public-facing instance of LubeLogger without Authentication was defaced by malicious actors.
- A malicious actor has breached your server, accessed your postgres database and reversed the password hashes of LubeLogger users.
- A malicious actor has breached your server and replaced the Root User's Username and Password hashes with his own.
- Malware installed on your browser via extensions have injected malicious code(i.e.: clickjacking)
What we do consider as security vulnerabilities:
- Records data being accessed and modified by unauthenticated or unauthorized users.
- Malicious code that have found its way into the repository.
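
Review bot: The scope sentence on the second added line ("Only submit security vulnerabilities if protected resources can be accessed without authentication when it is required") covers only missing authentication, while the in-scope list at the end also names "unauthorized users", so an authenticated user reaching another user's records is in scope by one line and out of scope by the other. Suggest rewording the scope sentence to cover both cases, for example "without authentication or authorization when it is required". The commit message mentions reporting guidelines, but the visible lines never say where or how a report should be submitted; a line naming the private channel to use would close that gap. Wording nits: "Malware ... have injected" and "Malicious code that have found" should both use "has", and clickjacking is introduced with "i.e." where "e.g." appears to be meant.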