Update security reporting guidelines in security.md

Clarified instructions for reporting false security issues.

Signed-off-by: James Cole <james@firefly-iii.org>
This commit is contained in:
James Cole
2026-05-16 20:05:44 +02:00
committed by GitHub
parent c394034876
commit 2a68c48e2a

2
.github/security.md vendored

@@ -10,7 +10,7 @@ disclosure and response policy to ensure that critical issues are responsibly ha
1. Any SSRF in any user provided URL field (webhooks, ntfy, SimpleFIN, Slack). It's by design that users may set-up any URL they want, be it internal, private or non-existing.
2. Any XSS issue without a viable attack tree. If you can find a spot where Firefly III or the associated tools render unescaped data, it's not a security issue unless you can show me an actual attack that gets that data into the system.
3. Any issue that is not true. AI models have already *hallucinated* security issues in Firefly III. They've referred to **non-existing** functions, templates and files. Including line numbers and code excerpts. Validate your findings.
3. Any issue that is not true. AI models have already *hallucinated* security issues in Firefly III. They've referred to **non-existing** functions, templates and files. Including line numbers and code excerpts. Validate your findings before you report them to me.
## Supported versions
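Review bot: the added clause "before you report them to me" makes the instruction clearer, but the new line still leaves the sentence fragment "Including line numbers and code excerpts." dangling and gives the reporter nothing concrete to validate against; consider folding the fragment into the previous sentence ("They've referred to **non-existing** functions, templates and files, including line numbers and code excerpts.") and naming the minimum check you expect, e.g. confirming that every file, function and template cited actually exists at a tagged release and reproducing the issue against a running instance rather than against model output. Also, in the unchanged context line 1 of this hunk, "set-up" as a verb should be "set up".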