File tree Expand file tree Collapse file tree 1 file changed +17
-0
lines changed Expand file tree Collapse file tree 1 file changed +17
-0
lines changed Original file line number Diff line number Diff line change 4949- [ Type casting] ( #type-casting )
5050- [ Connection Flags] ( #connection-flags )
5151- [ Debugging and reporting problems] ( #debugging-and-reporting-problems )
52+ - [ Security issues] ( #security-issues )
5253- [ Contributing] ( #contributing )
5354- [ Running tests] ( #running-tests )
5455- [ Todo] ( #todo )
@@ -1410,6 +1411,22 @@ will have:
14101411* As much debugging output and information about your environment (mysql
14111412 version, node version, os, etc.) as you can gather.
14121413
1414+ ## Security issues
1415+
1416+ Security issues should not be first reported through GitHub or another public
1417+ forum, but kept private in order for the collaborators to assess the report
1418+ and either (a) devise a fix and plan a release date or (b) assert that is not
1419+ not a security issues (in which case it can be posted in a public forum, like
1420+ a GitHub issue).
1421+
1422+ The primary private forum is email, either by emailing the module's author or
1423+ opening a GitHub issue simply asking to whom a security issues should be
1424+ addresses to without disclosing the issue or type of issue.
1425+
1426+ An ideal report would include a clear indication of what the security issue is
1427+ and how it would be exploited, ideally with an accompaning proof of concept
1428+ ("PoC") for collaborators to work again and validate potentional fixes against.
1429+
14131430## Contributing
14141431
14151432This project welcomes contributions from the community. Contributions are
You can’t perform that action at this time.
0 commit comments