synced/tinode-chat
1
0
Fork 0
mirror of https://github.com/tinode/chat.git synced 2025-03-15 09:58:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

clarify what not to report as security problems

Browse Source
This commit is contained in:
or-else
2024-12-21 10:35:44 +03:00
parent cc5bb68056
commit 6d5c407c50
1 changed files with 7 additions and 2 deletions

9
SECURITY.md

@ -2,6 +2,11 @@
## Reporting a Vulnerability
Please report a vulnerability to security@tinode.co
Please report a vulnerability to `security@tinode.co`.
## What not to report
* Firebase initialization tokens. The Firebase tokens are really public: they must be included into client applications and consequently are not private by design.
* Exposed `/pprof` or `/expvar`. We know they are exposed. It's intentional and harmless.
* Exposed Prometheus metrics `/metrics`. Like above, it's intentional and harmless.
Please do not report Firebase initialization tokens. The Firebase tokens are really public: they must be included into client applications and consequently are not private by design.