|
1 |
| -# Security Policy |
| 1 | +# Reporting Security Issues |
| 2 | +If you believe you have found a security vulnerability, please report it to us through coordinated disclosure. |
2 | 3 |
|
3 |
| -## Supported Versions |
| 4 | +Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests. |
4 | 5 |
|
5 |
| -| Version | Supported | |
6 |
| -| ------- | ------------------ | |
7 |
| -| latest commit | :white_check_mark: | |
8 |
| -| any other version | :x: | |
| 6 | +Instead, please send an email to [email protected] |
9 | 7 |
|
10 |
| -## Well-known bugs |
11 |
| -- we know the files are being transmitted via http, we're highly screwed since the tvs don't support https. |
12 |
| -- there is no token to request the files: and after so much they can do mitm (read the point above) |
13 |
| -- docker only goes if I use the host network, tell the pychromecast people how to do it without it, and I do it. |
| 8 | +Please include as much of the information listed below as you can to help us better understand and resolve the issue: |
14 | 9 |
|
15 |
| -## How to contact me |
16 |
| -on github somewhere you can click to contact me, but I don't give money anyway so don't bust my balls. |
| 10 | + The type of issue |
| 11 | + Full paths of source file(s) related to the manifestation of the issue |
| 12 | + The location of the affected source code (tag/branch/commit or direct URL) |
| 13 | + Any special configuration required to reproduce the issue |
| 14 | + Step-by-step instructions to reproduce the issue |
| 15 | + Proof-of-concept or exploit code (if possible) |
| 16 | + Impact of the issue, including how an attacker might exploit the issue |
| 17 | + |
| 18 | +This information will help us triage your report more quickly. |
| 19 | + |
| 20 | +# Well-known weakness |
| 21 | +- Media are transmitted via http by design, as many devices lack support for https |
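Review bot: The new "Well-known weakness" section carries over only the HTTP item and drops the removed entry stating that there is no token to request the files. If media requests are still unauthenticated, keep that as a second bullet next to the HTTP one, since it is the more actionable fact for anyone deploying this on a shared network. The supported-versions statement (only the latest commit is supported) is also removed with no replacement, so reporters no longer know which commit to reproduce against; a one-line sentence under "Reporting Security Issues" would cover it. Style point: `# Well-known weakness` adds a second top-level heading, while the removed file used `##` for its sections.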