Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork21.8k
docs: use global Security policy#6570
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
base:master
Are you sure you want to change the base?
Conversation
We should inherithttps://github.com/expressjs/.github/blob/master/SECURITY.md directly.
bjohansebas commentedJun 14, 2025
Then we should make references to treat mode in the global policy. I really thought that was the only reason it hadn't been done, because treat mode was only being referenced here |
Hardanish-Singh left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
LGTM!
bjohansebas left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Added a section on the Express Threat Model to the security policy.Related:expressjs/express#6570 (review)
UlisesGascon commentedSep 8, 2025
The PRexpressjs/.github#36 should unblock this PR (cc@bjohansebas ) |
bjohansebas left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
LGTM, minor concern: make sure there are no links redirecting to this file, and also please don’t merge untilexpressjs/.github#36 has been merged
We should inherithttps://github.com/expressjs/.github/blob/master/SECURITY.md directly.
Related#6427 (cc:@jonchurch,@bjohansebas )