Security Policy of latexgit
1. Introduction
Thank you for supporting the latexgit
, a Python package for making files from git
repositories accessible in LaTeX
by helping to make it safer.
latexgit
should only be used as a component in safe and secure environments. None of its API should be exposed via the network or in any other way that might constitute a security risk. Nevertheless, we take the security of our latexgit
seriously.
2. Reporting of Issues
If you believe you have found a security vulnerability in latexgit
, please report it to us privately. Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests. Instead, please send an email to tweise@hfuu.edu.cn with CC to tweise@ustc.edu.cn.
Please include as much of the information listed below as you can to help us better understand and resolve the issue:
- The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue
This information will help us triage your report more quickly.