Skip to content

Security: cednore/trilium

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

Please send a detailed mail to [email protected] to report vulnerabilities in this repository.

Even when unsure whether the bug in question is an exploitable vulnerability, it is recommended to submit an issue and attach security label.

Critical vulnerabilities are expected to be discussed only on email threads, and not in public, until the official announcement has been made.

Examples for details to include:

  • Ideally a short description (or a script) to demonstrate an exploit.
  • The affected platforms and scenarios (the vulnerability might only affect setups with case-sensitive file systems, for example).
  • The name and affiliation of the security researchers who are involved in the discovery, if any.
  • Whether the vulnerability has already been disclosed.
  • How long an embargo would be required to be safe.

There aren’t any published security advisories