Mirroristas/gun
2
0
Fork 0
mirror of https://github.com/amark/gun.git synced 2025-09-13 04:50:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
gun/SECURITY.md
Mark Nadal b1b408971d
Master into Deploys (#1391) 
* Thank you Murage Martin @murageyun for donating!!!

* Fix opt.s3.fakes3 parsing issue (#1318)

* Fix opt.s3.fakes3 parsing issue

* Fix second typo within if block

* Support variable number of auth retry attempts through opt.retries (#1325)

Maintain default to 9 to ensure backwards compatibility

* Thanks Jason Stallings @octalmage !!!

* Remove unused imports (#1337)

* Update README.md

* yay format change

* encode objects

* WS ws.path fix  (#1343)

* Update wire.js

* Update wire.js

* Update wire.js

* add one click deploy to readme (#1342)

* update src/index (#1254)

* update src/index

* update

* src/index fix

* added src/core

* is ??? this a MVP of book & rad ???? thanks to @rogowski

* book & rad APIs stabilizing

* RAD & Book promoted! + buggy example: test/rad/book.html

* bump path

* cleaned up Book results & sorting & caching

* sea blobs! (#1353)

* sea blobs!

* and null origins

* null fix

* null check is last

* add a way to select stats file from url (#1351)

* react-native detection, and load needed shims (#1349)

* react-native detection

* added lib mobile

* changed back to gun. for another solution

* have unbuild function wrap to prevent scope leaks & allow RETURN hehehe so I can reject @bmatusiak 's lS change O:) O:) I love you you're a hero!

later with @bmatusiak check sea.then for '../gun.js' vs '../' vs ...
note: src/index -> core.js
TODO: something about WebRTC candidates hitting ack decrement limits?

* quick-fix (#1355)

* Fix SEA certificate verification, allow multiple pubs (#1358)

* Create SECURITY.md (#1364)

* ... works (#1357)

* Loading fix (#1356)

* does this load better

* check window.Gun too in rfs

* update SECURITY.md file and change the versions to 0.2020.x (#1365)

* webrtc accept getUserMedia streams as peer

* Check atom exists in graph when deciding to read from disk (#1371)

* fix: ERROR: Radisk needs `store.put` interface (#1374)

* Update STUN servers (#1381)

Commented out sipgate.net STUN server.
Added Cloudflare STUN server.

* universal notification system

---------

Co-authored-by: ritchia1 <andrew.ritchie@estimateone.com>
Co-authored-by: Anton <dev@atjn.dk>
Co-authored-by: Bradley Matusiak <bmatusiak@gmail.com>
Co-authored-by: Jay Byoun <jay8061@pm.me>
Co-authored-by: mimiza <dev@mimiza.com>
Co-authored-by: Simardeep Singh <1003simar@gmail.com>
Co-authored-by: Malcolm Blaney <mblaney@gmail.com>
Co-authored-by: Andreas Heissenberger <andreas@heissenberger.at>
Co-authored-by: carlin978 <120719190+carlin978@users.noreply.github.com>
2024-11-23 17:52:28 -08:00

1.9 KiB
Raw Permalink Blame History

Security Policy

Introduction

Security is our top priority. We are committed to ensuring that our project is as secure as possible for everyone who uses it. This document outlines our security policy and procedures for dealing with security issues.

Supported Versions

We provide security updates for the following versions of our project:

Version Supported
0.2020.x
< 0.2020

Reporting a Vulnerability

If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible.

Report Format

When reporting vulnerabilities, please include the following details:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact if left unaddressed
  • Suggested mitigation or resolution if any

Response Time

We aim to confirm the receipt of your vulnerability report within 48 hours. Depending on the severity and complexity of the issue, we strive to investigate the issue and provide an initial response within a week.

Disclosure Policy

If the vulnerability is confirmed, we will work on a fix and plan a release. We ask that you do not publicly disclose the issue until it has been addressed by us.

Security Practices

We follow industry-standard security practices, including regular audits of the services and features we provide, to maintain the trust of our users.

Security Updates

We will communicate any security updates through our standard communication channels, including our project's release notes and official website.

Conclusion

We greatly value the work of security researchers and believe that responsible disclosure of vulnerabilities is a valuable contribution to the security of the Internet. We encourage users to contribute to the security of our project by reporting any security-related issues to us.