Compare commits


13 Commits

Author SHA1 Message Date
Prospector
1b08d2741b Merge remote-tracking branch 'origin/main' into security-txt 2025-07-09 15:50:02 -07:00
Erb3
e35981e4aa
Merge branch 'main' into security-txt 2025-03-12 20:50:25 +01:00
Erb3
4f3b4a55e2
docs(frontend) careers link in security.txt
Signed-off-by: Erb3 <49862976+Erb3@users.noreply.github.com>
2025-03-12 20:50:15 +01:00
Erb3
51c3797456
Merge branch 'main' into security-txt 2025-01-17 16:33:07 +01:00
Erb3
5f3200ce43
fix(frontend): extend security.txt expiry
It takes so long to merge the PR :(

Signed-off-by: Erb3 <49862976+Erb3@users.noreply.github.com>
2025-01-17 16:32:55 +01:00
Erb3
c4b0f7dcd1
Merge branch 'main' into security-txt 2024-12-07 10:37:07 +01:00
Erb3
c6dee57c40
Merge branch 'main' into security-txt 2024-10-24 17:56:21 +02:00
Erb3
8f29da5739
Merge branch 'main' into security-txt 2024-10-22 21:23:52 +02:00
Erb3
0bc5e954e4
Merge branch 'main' into security-txt 2024-10-20 18:04:58 +02:00
Erb3
7a3ca5fb45
Merge branch 'main' into security-txt 2024-08-26 20:46:33 +02:00
Erb3
28adcdd401
Merge branch 'main' into security-txt 2024-08-25 09:55:12 +02:00
Erb3
414bcaf348
fix(docs): reduce security.txt expiry
This addresses a concern where the security.txt has a long expiration date. Someone could treat this as "use this until then", which we don't want since it's a long time. The specification recommends no longer than one year, as it is meant to mark the file as stale.

From the RFC:

> The "Expires" field indicates the date and time after which the data contained in the "security.txt" file is considered stale and should not be used (as per Section 5.3). The value of this field is formatted according to the Internet profiles of [ISO.8601-1] and [ISO.8601-2] as defined in [RFC3339]. It is RECOMMENDED that the value of this field be less than a year into the future to avoid staleness.

Signed-off-by: Erb3 <49862976+Erb3@users.noreply.github.com>
2024-08-22 19:10:51 +02:00
Erb3
727b00855e
feat: add security.txt
Security.txt is a well-known (pun intended) file among security researchers, so they don't have to go scavenging for your security information. More information is available on [securitytxt.org](https://securitytxt.org/).

I've set the following values:

- The email to contact with issues, `jai@modrinth.com`. This is the email stated in the security policy. If you wish to not include it here due to spam, you should also not have it as a `mailto` link in the security policy.
- Expiry is set to 2030. By this time Modrinth will have become the biggest Minecraft mod distributor and expanded into other games. By this time they should also have updated this file.
- English is the preferred language
- The file is located at modrinth.com/.well-known/security.txt
- The security policy is at https://modrinth.com/legal/security

The following values have been left unset:

- PGP key, not sure where this would be located, if there is one
- Acknowledgments. Modrinth currently does not have a site for thanks
- Hiring, as it wants security-related positions
- CSAF, a Common Security Advisory Framework?
2024-08-22 17:30:32 +02:00
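A small validator for the two points these commit messages make (Contact and Expires are required, and Expires should be less than a year out), as an added example that is not code from the Modrinth repository. The security.txt text it checks is a constructed sample mirroring the diff, and timestamp parsing relies only on the standard library.

```python
from datetime import datetime, timedelta

# Constructed sample mirroring the fields in the diff; not the live file.
SAMPLE = """\
Contact: mailto:jai@modrinth.com
Expires: 2025-12-31T00:00:00.000Z
Preferred-Languages: en
Canonical: https://modrinth.com/.well-known/security.txt
Policy: https://modrinth.com/legal/security
Hiring: https://careers.modrinth.com/
"""

def parse_security_txt(text):
    """Return {lowercased field name: [values]}; '#' comment lines are skipped."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue  # e.g. PGP signature armor, which carries no field
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def parse_rfc3339(value):
    """Parse an RFC 3339 timestamp; 'Z' is rewritten for Pythons before 3.11."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    dt = datetime.fromisoformat(value)
    if dt.tzinfo is None:
        raise ValueError("missing timezone offset")
    return dt

def check_security_txt(text, now_rfc3339):
    """Return the problems found (an empty list means the file passes)."""
    problems = []
    now = parse_rfc3339(now_rfc3339)
    fields = parse_security_txt(text)
    if "contact" not in fields:
        problems.append("missing required Contact field")
    try:
        (exp,) = map(parse_rfc3339, fields.get("expires", []))  # exactly one, valid
    except ValueError as e:
        return problems + [f"bad Expires field: {e}"]
    if exp <= now:
        problems.append("file is stale: Expires is in the past")
    elif exp - now > timedelta(days=365):
        problems.append("Expires is more than a year out; RFC 9116 recommends less")
    return problems
```

Run as a scheduled job with the current time as the second argument, it flags the file before researchers following the spec start treating it as stale.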


@ -0,0 +1,6 @@
Contact: mailto:jai@modrinth.com
Expires: 2025-12-31T00:00:00.000Z
Preferred-Languages: en
Canonical: https://modrinth.com/.well-known/security.txt
Policy: https://modrinth.com/legal/security
Hiring: https://careers.modrinth.com/
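Review bot: The `Expires: 2025-12-31T00:00:00.000Z` line is a hardcoded date with nothing in the repository to renew it; the commit history above shows the value already had to be moved once while the PR sat unmerged, and the RFC text quoted there treats the whole file as stale after that instant, which would leave `Contact: mailto:jai@modrinth.com` unusable to a researcher who follows the spec. Suggest pairing the file with a scheduled check that fails when Expires is past or within a few weeks, and noting in the repo who owns the renewal. The format itself looks right: the fractional-seconds `Z` form is valid RFC 3339, and Contact, Expires, Canonical and Policy are all present.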