From dda4736d33e67aab1ebbd7d0591bc58373b4ccb2 Mon Sep 17 00:00:00 2001 From: Rotem Reiss Date: Wed, 1 Apr 2026 12:00:00 +0800 Subject: [PATCH] Create SECURITY.md (#1719) * Create SECURITY.md * Format fix * Update SECURITY.md * Update SECURITY.md * Update SECURITY.md Co-authored-by: Paul D'Ambra * Update SECURITY.md mention the google group is private * Update SECURITY.md * Update SECURITY.md formatting --------- Co-authored-by: Yun Feng Co-authored-by: Paul D'Ambra Co-authored-by: Eoghan Murray --- SECURITY.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..130691bc --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,15 @@ +# Vulnerability Disclosure Policy + +This document outlines rrweb's vulnerability disclosure policy. + +## Reporting a Vulnerability + +Please do not report security vulnerabilities through public GitHub issues. +Instead, please report them to our GitHub Security page. If you prefer to submit one without using GitHub, you can also email the +private Google Group rrweb-security@googlegroups.com, which will go to the core team members only. We commit to acknowledging +vulnerability reports and will work to fix active vulnerabilities as soon as we can (noting this is a community run project). + +We will publish resolved vulnerabilities as security advisories on our GitHub security page. + +We appreciate your help in making rrweb more secure for everyone. +Thank you for your support and responsible disclosure.
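Review bot: In the "Reporting a Vulnerability" section, "please report them to our GitHub Security page" names the preferred channel without a link, so a reporter has to locate it themselves, while the fallback email address is spelled out in full; suggest linking the repository's Security tab directly in that sentence. In the same paragraph, "We commit to acknowledging vulnerability reports" gives no timeframe; even a best-effort target would tell reporters when it is reasonable to follow up, which matters given the "community run project" caveat. The section also does not say what a report should contain (affected version, reproduction steps, expected impact) or which rrweb versions receive fixes, both of which reduce back-and-forth on a private channel. Minor: capitalization differs between "GitHub Security page" and "GitHub security page", "community run" should be hyphenated, and the added lines mix hard-wrapped and unwrapped text.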