JonKazama-Hellion/HellionChat
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions Releases 42 Activity
Files
renovate/minor-and-patch-updates-(nuget)
HellionChat/SECURITY.md
T
JonKazama-Hellion 0220e5d756 chore(linting): refresh configs and sweep auto-fix 
Pull in the refreshed linter and tooling configs (editorconfig,
gitignore, gitattributes, prettierignore, prettierrc, markdownlint,
yamllint, env.example, dotnet-tools) and run prettier and markdownlint
in --fix / --write mode across the repo so the existing tree matches
the new rules.

- prettier 2-space indent on yaml/yml and json overrides, asterisk
  strong, underscore emphasis, proseWrap always
- markdownlint MD007 indent aligned to 2 and MD049 to underscore so
  prettier output stays passing
- preflight Block F also ignores CLAUDE.md (gitignored personal file)
- prettierignore extended to keep HellionChat.yaml manifest and the
  NuGet packages.lock.json out of the formatter

No semantic content changed; csharpier, build, full build-suite
(729/729) and the new prettier/markdownlint/yamllint checks all green.
2026-05-17 17:20:55 +02:00

47 lines
1.6 KiB
Markdown
Raw Permalink Blame History

# Security Policy
## Reporting a Vulnerability
If you find a security issue in HellionChat, please do not open a public Gitea issue. Use one of the
private channels below so I can investigate and ship a fix before the details go public.
**Preferred:**
| Channel | Address |
| ---------- | -------------------------- |
| Email | `kontakt@hellion-media.de` |
| Discord DM | `@j.j_kazama` |
For urgent disclosures (active exploitation, user-data exposure) email is the fastest path.
I respond on weekdays during European business hours.
## Scope
### In scope
- Code paths that touch user-controlled input (chat messages, plugin config, file paths the user can
influence)
- The privacy filter in `MessageStore.cs` and the export pipeline
- The configuration migration logic
- The `EmoteCache` HTTP client and path handling
- The Auto-Tell-Tabs spawn logic and history preload
### Out of scope
- Issues in upstream Chat 2 that HellionChat has not modified — report those at
<https://github.com/Infiziert90/ChatTwo/issues>
- Issues in Dalamud itself — those go to <https://github.com/goatcorp/Dalamud>
- Issues in the FFXIV game client
- Anything that requires the user to install a malicious plugin first
## Disclosure Window
I aim to ship a fix within 14 days for high-severity issues and within 30 days for everything else.
If a fix needs more time I will say so in the private thread.
## Credits
Everyone who reports a real issue gets listed in the changelog of the release that fixes it, unless
they prefer to stay anonymous. No bug bounty, nothing financial — this is a hobby plugin.
Reference in New Issue View Git Blame Copy Permalink