From fd6c23fbf4d417c46d6fb23d2add75820a46d127 Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Sun, 9 Feb 2025 10:21:02 +0530 Subject: [PATCH] Update SECURITY.md --- .github/SECURITY.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index e485605a4..ea6331dda 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -1,5 +1,12 @@ + # Security Policy +> **[IMPORTANT NOTICE - February 9, 2025]** +> reNgine is currently undergoing a major refactoring to address all XSS-related vulnerabilities. While we are committed to security, we are temporarily suspending new XSS vulnerability reports until this refactoring is complete. We will continue to accept and investigate all other types of security vulnerabilities. Thank you for your understanding and continued support in making reNgine more secure. +> +> Please note that most reported XSS vulnerabilities in reNgine affect on-premise installations with limited exploitability. Nevertheless, we are committed to fixing these issues systematically through our ongoing refactoring effort. + + We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions. To report a security vulnerability, please follow these steps:
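Review bot: The notice added under the "# Security Policy" heading suspends new XSS reports "until this refactoring is complete" but gives reporters no way to tell when that is. Suggest linking the issue or milestone that tracks the refactoring, and stating whether an XSS finding made during the suspension should be held back and resubmitted afterwards. The second paragraph says most reported XSS issues "affect on-premise installations with limited exploitability" without naming the deployment assumptions that claim depends on; a short qualifier would stop readers from taking it as a general severity statement. Minor style point: the hunk adds a blank line above the heading and two blank lines after the notice, where a single blank line after the notice would be enough.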