mirror of
https://github.com/tinode/chat.git
synced 2025-03-14 10:05:07 +00:00
13 lines
470 B
Markdown
13 lines
470 B
Markdown
# Security Policy
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Please report a vulnerability to `security@tinode.co`.
|
|
|
|
## What not to report
|
|
|
|
* Firebase initialization tokens. The Firebase tokens are really public: they must be included into client applications and consequently are not private by design.
|
|
* Exposed `/pprof` or `/expvar`. We know they are exposed. It's intentional and harmless.
|
|
* Exposed Prometheus metrics `/metrics`. Like above, it's intentional and harmless.
|
|
|