MagicMirror/.github/SECURITY.md
Kristjan ESPERANTO 946d3226b1 docs: add security policy and vulnerability reporting guidelines (#4069)
Adding a SECURITY.md helps us make two things clearer:

- MagicMirror is not intended for direct public internet exposure.
- There is a clear path to report security concerns responsibly.

Related issue: #4067  

---

As always, suggestions for improvement are very welcome.
2026-04-01 00:09:27 +02:00

Security Policy

Scope and Deployment

MagicMirror is primarily intended for trusted local/private network environments. Direct public exposure to the internet or other untrusted networks is not recommended.

We take security seriously and encourage responsible disclosure of vulnerabilities to help us improve the software.

Reporting a Vulnerability

Please keep vulnerability details private — do not post them in public GitHub issues.

Instead, reach out privately via the MagicMirror forum to one of the core developers:

Please include, if possible:

  • Affected version(s)
  • Reproduction steps or proof-of-concept
  • What could an attacker do with this?
  • Any ideas how to fix it?

Coordinated Disclosure

We will keep reported vulnerabilities private until a fix is available and coordinate the disclosure timeline with you. We aim to respond as quickly as possible.