security contact
parent
d9d6fba757
commit
69802d2de3
|
@ -3,6 +3,7 @@ Frequently Asked Questions: https://github.com/epoberezkin/ajv/blob/master/FAQ.m
|
||||||
Please provide all info and reduce your schema and data to the smallest possible size.
|
Please provide all info and reduce your schema and data to the smallest possible size.
|
||||||
|
|
||||||
This template is for bug or error reports. For other issues please use:
|
This template is for bug or error reports. For other issues please use:
|
||||||
|
- security vulnerability: https://tidelift.com/security)
|
||||||
- a new feature/improvement: http://epoberezkin.github.io/ajv/contribute.html#changes
|
- a new feature/improvement: http://epoberezkin.github.io/ajv/contribute.html#changes
|
||||||
- browser/compatibility issues: http://epoberezkin.github.io/ajv/contribute.html#compatibility
|
- browser/compatibility issues: http://epoberezkin.github.io/ajv/contribute.html#compatibility
|
||||||
- JSON-Schema standard: http://epoberezkin.github.io/ajv/contribute.html#json-schema
|
- JSON-Schema standard: http://epoberezkin.github.io/ajv/contribute.html#json-schema
|
||||||
|
|
|
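Review bot: The added line `- security vulnerability: https://tidelift.com/security)` ends with a stray closing parenthesis that has no opening counterpart. Depending on how the link is auto-detected, the `)` can end up inside the URL or be left as visible debris, and this is the line a reporter follows to disclose privately. Drop the parenthesis, or write the entry as a full Markdown link the way the other files in this commit do: `[Tidelift security contact](https://tidelift.com/security)`.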
@ -5,6 +5,7 @@ Thank you for your help making Ajv better! Every contribution is appreciated. If
|
||||||
- [Documentation](#documentation)
|
- [Documentation](#documentation)
|
||||||
- [Issues](#issues)
|
- [Issues](#issues)
|
||||||
- [Bug reports](#bug-reports)
|
- [Bug reports](#bug-reports)
|
||||||
|
- [Security vulnerabilities](#security-vulnerabilities)
|
||||||
- [Change proposals](#changes)
|
- [Change proposals](#changes)
|
||||||
- [Browser and compatibility issues](#compatibility)
|
- [Browser and compatibility issues](#compatibility)
|
||||||
- [Installation and dependency issues](#installation)
|
- [Installation and dependency issues](#installation)
|
||||||
|
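Review bot: The new table-of-contents entry points at `#security-vulnerabilities`, but the neighbouring entries use short explicit anchors (`#changes`, `#compatibility`, `#installation`), and the heading added later in this file, `#### Security vulnerabilities`, carries no `<a name="...">` tag, unlike `#### <a name="changes"></a>Change proposals`. The link therefore depends on the renderer generating heading ids automatically. Adding an explicit anchor to the new heading would keep the section linkable from the issue template in the same way as `contribute.html#changes`.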
@ -44,6 +45,15 @@ Please include the link to the working code sample at Runkit.com (please clone h
|
||||||
[Create bug report](https://github.com/epoberezkin/ajv/issues/new?template=bug-or-error-report.md).
|
[Create bug report](https://github.com/epoberezkin/ajv/issues/new?template=bug-or-error-report.md).
|
||||||
|
|
||||||
|
|
||||||
|
#### Security vulnerabilities
|
||||||
|
|
||||||
|
To report a security vulnerability, please use the
|
||||||
|
[Tidelift security contact](https://tidelift.com/security).
|
||||||
|
Tidelift will coordinate the fix and disclosure.
|
||||||
|
|
||||||
|
Please do NOT report security vulnerability via GitHub issues.
|
||||||
|
|
||||||
|
|
||||||
#### <a name="changes"></a>Change proposals
|
#### <a name="changes"></a>Change proposals
|
||||||
|
|
||||||
[Create a proposal](https://github.com/epoberezkin/ajv/issues/new?template=change.md) for a new feature, option or some other improvement.
|
[Create a proposal](https://github.com/epoberezkin/ajv/issues/new?template=change.md) for a new feature, option or some other improvement.
|
||||||
|
|
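Review bot: The last added sentence, "Please do NOT report security vulnerability via GitHub issues.", is missing an article or plural; "security vulnerabilities" reads correctly and matches the section heading. The section also gives Tidelift as the only channel, so it would help to say what a reporter should expect after submitting (for example, who responds), since the text only states that Tidelift "will coordinate the fix and disclosure".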
13
README.md
13
README.md
|
@ -53,7 +53,11 @@ ajv.addMetaSchema(require('ajv/lib/refs/json-schema-draft-04.json'));
|
||||||
- [Defining custom keywords](#defining-custom-keywords)
|
- [Defining custom keywords](#defining-custom-keywords)
|
||||||
- [Asynchronous schema compilation](#asynchronous-schema-compilation)
|
- [Asynchronous schema compilation](#asynchronous-schema-compilation)
|
||||||
- [Asynchronous validation](#asynchronous-validation)
|
- [Asynchronous validation](#asynchronous-validation)
|
||||||
- [Security considerations](#security-considerations)
|
- [Security considerations](#security-considerations)
|
||||||
|
- [Security contact](#security-contact)
|
||||||
|
- [Untrusted schemas](#untrusted-schemas)
|
||||||
|
- [Circular references in objects](#circular-references-in-javascript-objects)
|
||||||
|
- [Trusted schemas](#security-risks-of-trusted-schemas)
|
||||||
- Modifying data during validation
|
- Modifying data during validation
|
||||||
- [Filtering data](#filtering-data)
|
- [Filtering data](#filtering-data)
|
||||||
- [Assigning defaults](#assigning-defaults)
|
- [Assigning defaults](#assigning-defaults)
|
||||||
|
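Review bot: Of the four table-of-contents entries added here, only `#security-contact` has its heading introduced in this commit, and `#untrusted-schemas` appears as context in the next hunk. The targets of `#circular-references-in-javascript-objects` and `#security-risks-of-trusted-schemas` are not visible in this diff, so please confirm those headings exist in README.md with exactly those ids. These three extra entries also go beyond what the commit message "security contact" describes; mentioning them in the message, or splitting them into a separate commit, would keep the history accurate.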
@ -611,6 +615,13 @@ See [Options](#options).
|
||||||
JSON Schema, if properly used, can replace data sanitisation. It doesn't replace other API security considerations. It also introduces additional security aspects to consider.
|
JSON Schema, if properly used, can replace data sanitisation. It doesn't replace other API security considerations. It also introduces additional security aspects to consider.
|
||||||
|
|
||||||
|
|
||||||
|
##### Security contact
|
||||||
|
|
||||||
|
To report a security vulnerability, please use the
|
||||||
|
[Tidelift security contact](https://tidelift.com/security).
|
||||||
|
Tidelift will coordinate the fix and disclosure. Please do NOT report security vulnerability via GitHub issues.
|
||||||
|
|
||||||
|
|
||||||
##### Untrusted schemas
|
##### Untrusted schemas
|
||||||
|
|
||||||
Ajv treats JSON schemas as trusted as your application code. This security model is based on the most common use case, when the schemas are static and bundled together with the application.
|
Ajv treats JSON schemas as trusted as your application code. This security model is based on the most common use case, when the schemas are static and bundled together with the application.
|
||||||
|
|
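Review bot: The "Security contact" paragraph repeats the text of the "Security vulnerabilities" section added earlier in this commit almost word for word, so the two copies can drift apart when the contact changes. Consider keeping the full wording in one place and linking to it from the other. In this copy the "Please do NOT report security vulnerability via GitHub issues." sentence is also folded into the same line as the coordination sentence, where it is less prominent than the stand-alone paragraph in the other file, and it has the same grammar slip ("security vulnerabilities").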