Security policy

SolidOS takes the security of our repositories seriously. This includes all source code repositories managed through our GitHub organization. That said, members contribute on a volunteer basis, and the skills we have at hand fluctuate with each member.

If you believe you have found a security vulnerability in any SolidOS repository, please report it to us as described below.

About this repository

These repositories contribute to the frontend you see on each solidcommunity.net Pod. The repositories have different purposes and offer different features.

  • solid-logic — core business logic of SolidOS
  • mashlib — a Solid-compatible code library of application-level functionality for the world of Solid
  • solid-panes — a set of core Solid-compatible panes based on solid-ui
  • solid-ui — User Interface widgets and utilities for Solid providing building blocks for Solid-based apps

Reporting a vulnerability

Please report any security vulnerabilities through the public GitHub issues of the repository where you find the vulnerability. If a vulnerability spans multiple repos, please report it on the SolidOS repo itself.

Please include the following in your vulnerability report:

  • Impact: What kind of vulnerability is it? Who is impacted?

  • Patches: Has the problem been patched? What versions should users upgrade to?

  • Workarounds: Is there a way for users to fix or remediate the vulnerability without upgrading?

  • References: Are there any links users can visit to find out more?

  • Proposed solution: Any suggested fix in the form of text or a PR is more than welcome.

As a volunteer-based organization, we especially appreciate any PR which helps fix any vulnerability.

Preferred Languages

We prefer all communications to be in English.

Hall of Fame

Thank you to the following people for reporting vulnerabilities.

  • Otto-AA