21 lines
972 B
Markdown
21 lines
972 B
Markdown
# Reporting Security Issues
|
|
|
|
If you discover a security issue in Misskey, please report it by **[this form](https://github.com/misskey-dev/misskey/security/advisories/new)**.
|
|
|
|
This will allow us to assess the risk, and make a fix available before we add a
|
|
bug report to the GitHub repository.
|
|
|
|
Thanks for helping make Misskey safe for everyone.
|
|
|
|
> [!note]
|
|
> CNA [requires](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_5-2_Description) that CVEs include a description in English for inclusion in the CVE Catalog.
|
|
>
|
|
> When creating a security advisory, all content must be written in English (it is acceptable to include a non-English description along with the English one).
|
|
|
|
## When create a patch
|
|
|
|
If you can also create a patch to fix the vulnerability, please create a PR on the private fork.
|
|
|
|
> [!note]
|
|
> There is a GitHub bug that prevents merging if a PR not following the develop branch of upstream, so please keep follow the develop branch.
|