35 lines
1.6 KiB
Markdown
35 lines
1.6 KiB
Markdown
# Security Policy
|
|
|
|
---
|
|
|
|
## Security Information
|
|
|
|
Please see this wiki page for important notices about ArchiveBox security, publishing your archives securely, and the dangers of executing archived JS:
|
|
|
|
https://github.com/ArchiveBox/ArchiveBox/wiki/Security-Overview
|
|
|
|
Also see this section of the README about important caveats when running ArchiveBox:
|
|
|
|
https://github.com/ArchiveBox/ArchiveBox?tab=readme-ov-file#caveats
|
|
|
|
You can also read these pages for more information about ArchiveBox's internals, development environment, DB schema, and more:
|
|
|
|
- https://github.com/ArchiveBox/ArchiveBox#archive-layout
|
|
- https://github.com/ArchiveBox/ArchiveBox#archivebox-development
|
|
- https://github.com/ArchiveBox/ArchiveBox/wiki/Upgrading-or-Merging-Archives
|
|
- https://github.com/ArchiveBox/ArchiveBox/wiki/Troubleshooting
|
|
|
|
---
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
We use Github's built-in [Private Reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) feature to accept vulnerability reports.
|
|
|
|
1. Go to the Security tab on our Github repo: https://github.com/ArchiveBox/ArchiveBox/security
|
|
|
|
2. Click the ["Report a Vulnerability"](https://github.com/ArchiveBox/ArchiveBox/security/advisories/new) button
|
|
|
|
3. Fill out the form to submit the details of the report and it will be securely sent to the maintainers
|
|
|
|
You can also contact the maintainers via our public [Zulip Chat Server zulip.archivebox.io](https://zulip.archivebox.io) or [Twitter DMs @ArchiveBoxApp](https://twitter.com/ArchiveBoxApp).
|