mirror of
https://github.com/siyuan-note/siyuan.git
synced 2026-06-28 06:46:12 +00:00
# Security report

If you find a security-related vulnerability, please create a Security Advisory:

https://github.com/siyuan-note/siyuan/security/advisories/new

Some areas we don't consider security vulnerabilities:

* Arbitrary file write: Writing files outside the workspace path (e.g., exporting files) is a common user need
* Chart/Formula/ABC rendering code injection: This is a common user need; for details, please refer to https://github.com/siyuan-note/siyuan/pull/6917
* SQL injection
* Pandoc Argument Injection: Allowing the setting of `--lua-filter` is a common user need
* SSRF `netImg2LocalAssets` / `netAssets2LocalAssets`

Thank you very much!