JonKazama-Hellion
699d4ede1d
Add .prettierrc.json, .markdownlint.json, .yamllint.yaml, .gitattributes Run CSharpier, Prettier and markdownlint across the entire codebase. No logic changes — formatting, using order and line endings only.
46 lines
1.6 KiB
Markdown
46 lines
1.6 KiB
Markdown
# Security Policy
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
If you find a security issue in HellionChat, please do not open a public Gitea issue. Use one of the private channels
|
|
below so I can investigate and ship a fix before the details go public.
|
|
|
|
**Preferred:**
|
|
|
|
| Channel | Address |
|
|
| ---------- | -------------------------- |
|
|
| Email | `kontakt@hellion-media.de` |
|
|
| Discord DM | `@j.j_kazama` |
|
|
|
|
For urgent disclosures (active exploitation, user-data exposure) email is the fastest path.
|
|
|
|
I respond on weekdays during European business hours.
|
|
|
|
## Scope
|
|
|
|
### In scope
|
|
|
|
- Code paths that touch user-controlled input (chat messages, plugin config, file paths the user can influence)
|
|
- The privacy filter in `MessageStore.cs` and the export pipeline
|
|
- The configuration migration logic
|
|
- The `EmoteCache` HTTP client and path handling
|
|
- The Auto-Tell-Tabs spawn logic and history preload
|
|
|
|
### Out of scope
|
|
|
|
- Issues in upstream Chat 2 that HellionChat has not modified — report those at
|
|
<https://github.com/Infiziert90/ChatTwo/issues>
|
|
- Issues in Dalamud itself — those go to <https://github.com/goatcorp/Dalamud>
|
|
- Issues in the FFXIV game client
|
|
- Anything that requires the user to install a malicious plugin first
|
|
|
|
## Disclosure Window
|
|
|
|
I aim to ship a fix within 14 days for high-severity issues and within 30 days for everything else. If a fix needs more
|
|
time I will say so in the private thread.
|
|
|
|
## Credits
|
|
|
|
Everyone who reports a real issue gets listed in the changelog of the release that fixes it, unless they prefer to stay
|
|
anonymous. No bug bounty, nothing financial — this is a hobby plugin.
|