WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
Skip to content

Security: tinode/chat

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

Please report a vulnerability to [email protected].

Do NOT to report:

  • Firebase initialization tokens. The Firebase tokens are really public: they must be distributed with the client applications and consequently are not private by design.
  • Exposed /pprof and/or /expvar. We know they are exposed. It's intentional and harmless.
  • Exposed Prometheus metrics /metrics. Like above, it's intentional and harmless.
  • DMARC policy is not enabled p=none. We know and that's the way we like it for now.
  • Weak cipher suites (TLS 1.0) at *.tinode.co. Yes, we know. Does not look serious/important.

There aren’t any published security advisories