Initial Minecraft Renew Mod workspace
This commit is contained in:
ToxicCrzay270
31
SECURITY.md
Normal file
31
SECURITY.md
Normal file
@@ -0,0 +1,31 @@
|
||||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
| Version | Supported |
|
||||
| --- | --- |
|
||||
| Latest port workspace | Yes |
|
||||
|
||||
## Reporting A Vulnerability
|
||||
|
||||
Report security issues privately to the repository owner.
|
||||
|
||||
Do not include secrets, private credentials, server tokens, private modpack data, or production server data in public issues.
|
||||
|
||||
## Project Security Principles
|
||||
|
||||
- Keep secrets, tokens, `.env` files, certificates, private keys, and local server credentials out of the repository.
|
||||
- Keep Minecraft run data, logs, local worlds, and generated build outputs out of version control.
|
||||
- Document external dependency repositories in Gradle build files.
|
||||
- Build release artifacts reproducibly with the Gradle Wrapper and Java 21.
|
||||
- Run dependency review and release checks before publishing artifacts.
|
||||
|
||||
## Current Scope
|
||||
|
||||
The active mod changes Create Hose Pulley fluid-draining behavior through NeoForge configuration and mixins. Security review should focus on:
|
||||
|
||||
- unexpected file writes,
|
||||
- unsafe external network calls,
|
||||
- accidental inclusion of local worlds or logs,
|
||||
- dependency and loader version drift,
|
||||
- release artifact contents.
|
||||
Reference in New Issue
Block a user