Toxic/minecraft-renew-mod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
minecraft-renew-mod/SECURITY.md
ToxicCrzay270 5e6a3e0450
Some checks failed
Build / build (push) Successful in 6m29s
Details
Release Dry Run / release-dry-run (push) Failing after 11s
Details
Codex Template Compliance / template-compliance (push) Successful in 4s
Details
Initial Minecraft Renew Mod workspace
2026-05-15 00:42:16 +02:00

1.1 KiB
Raw Permalink Blame History

Security Policy

Supported Versions

Version Supported
Latest port workspace Yes

Reporting A Vulnerability

Report security issues privately to the repository owner.

Do not include secrets, private credentials, server tokens, private modpack data, or production server data in public issues.

Project Security Principles

  • Keep secrets, tokens, .env files, certificates, private keys, and local server credentials out of the repository.
  • Keep Minecraft run data, logs, local worlds, and generated build outputs out of version control.
  • Document external dependency repositories in Gradle build files.
  • Build release artifacts reproducibly with the Gradle Wrapper and Java 21.
  • Run dependency review and release checks before publishing artifacts.

Current Scope

The active mod changes Create Hose Pulley fluid-draining behavior through NeoForge configuration and mixins. Security review should focus on:

  • unexpected file writes,
  • unsafe external network calls,
  • accidental inclusion of local worlds or logs,
  • dependency and loader version drift,
  • release artifact contents.
Reference in New Issue View Git Blame Copy Permalink