Skip to content

Security: rayners/fvtt-journeys-and-jamborees

Security

SECURITY.md

Security Policy

Supported Versions

We provide security updates for the following versions:

Version Supported
0.1.x
< 0.1

Reporting a Vulnerability

If you discover a security vulnerability in Journeys & Jamborees, please report it responsibly:

How to Report

  1. Do not create a public GitHub issue for security vulnerabilities
  2. Email security details to: rayners@gmail.com
  3. Include:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

What to Expect

  • Initial Response: Within 48 hours
  • Status Updates: Every 5 business days
  • Resolution Timeline: Varies by severity
    • Critical: 1-7 days
    • High: 1-4 weeks
    • Medium/Low: 1-3 months

Security Considerations

This module handles:

  • Actor data and permissions
  • User-generated content in party notes
  • Module settings and configurations

Common security concerns:

  • Cross-site scripting (XSS) in user inputs
  • Permission bypasses
  • Data exposure between users

Thank you for helping keep Journeys & Jamborees secure!

There aren’t any published security advisories