thrillwiki_django_no_react/.github/SECURITY.md
pacnpal 2e35f8c5d9 feat: Refactor rides app with unique constraints, mixins, and enhanced documentation
- Added migration to convert unique_together constraints to UniqueConstraint for RideModel.
- Introduced RideFormMixin for handling entity suggestions in ride forms.
- Created comprehensive code standards documentation outlining formatting, docstring requirements, complexity guidelines, and testing requirements.
- Established error handling guidelines with a structured exception hierarchy and best practices for API and view error handling.
- Documented view pattern guidelines, emphasizing the use of CBVs, FBVs, and ViewSets with examples.
- Implemented a benchmarking script for query performance analysis and optimization.
- Developed security documentation detailing measures, configurations, and a security checklist.
- Compiled a database optimization guide covering indexing strategies, query optimization patterns, and computed fields.
2025-12-22 11:17:31 -05:00

Security Policy

Supported Versions

Version  | Supported
-------- | ---------
latest   | Yes
< latest | No

Only the latest version of ThrillWiki receives security updates.

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

How to Report

  1. Do not create a public GitHub issue for security vulnerabilities
  2. Email your report to the project maintainers
  3. Include as much detail as possible:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Affected versions
    • Any proof of concept (if available)

What to Expect

  • Acknowledgment: We will acknowledge receipt within 48 hours
  • Assessment: We will assess the vulnerability and its impact
  • Updates: We will keep you informed of our progress
  • Resolution: We aim to resolve critical vulnerabilities within 7 days
  • Credit: With your permission, we will credit you in our security advisories

Scope

The following are in scope for security reports:

  • ThrillWiki web application vulnerabilities
  • Authentication and authorization issues
  • Data exposure vulnerabilities
  • Injection vulnerabilities (SQL, XSS, etc.)
  • CSRF vulnerabilities
  • Server-side request forgery (SSRF)
  • Insecure direct object references

Out of Scope

The following are out of scope:

  • Denial of service attacks
  • Social engineering attacks
  • Physical security issues
  • Issues in third-party applications or services
  • Issues requiring physical access to a user's device
  • Vulnerabilities in outdated versions

Security Measures

ThrillWiki implements the following security measures:

  • HTTPS enforcement with HSTS
  • Content Security Policy
  • XSS protection with input sanitization
  • CSRF protection
  • SQL injection prevention via ORM
  • Rate limiting on authentication endpoints
  • Secure session management
  • JWT token rotation and blacklisting

For more details, see docs/SECURITY.md.

Security Updates

Security updates are released as soon as possible after a vulnerability is confirmed. We recommend:

  1. Keep your installation up to date
  2. Subscribe to release notifications
  3. Review security advisories

Contact

For security-related inquiries, please contact the project maintainers.