Files
RedBear-OS/recipes/libs/nghttp2/source/third-party/mruby/SECURITY.md
T
vasilito ff4ff35918 feat: track all source trees in git — full fork offline-first model
Red Bear OS is a full fork. All sources must be available from git clone
with zero network access. Removed gitignore rules that excluded fetched
source trees under recipes/*/source/, local/recipes/kde/*/source/,
local/recipes/qt/*/source/, and vendor source trees.

Build artifacts (target/, build/, source.tar, *.o, *.so) remain excluded.

127291 files added — kernel, relibc, base, bootloader, pkgar, all KDE/Qt
frameworks, mesa, wayland, DRM drivers, and every other recipe source.
2026-05-14 10:55:53 +01:00

554 B

Security Policy

Reporting a Vulnerability

If you have any security concern, contact matz@ruby.or.jp.

Scope

We consider the following issues as vulnerabilities:

  • Remote code execution
  • Crash caused by a valid Ruby script

We don't consider the following issues as vulnerabilities:

  • Runtime C undefined behavior (including integer overflow)
  • Crash caused by misused API
  • Crash caused by modified compiled binary
  • ASAN/Valgrind warning for too big memory allocation mruby assumes malloc(3) returns NULL for too big allocations