Files
RedBear-OS/recipes/libs/nghttp2/source/third-party/mruby/SECURITY.md
T
vasilito ff4ff35918 feat: track all source trees in git — full fork offline-first model
Red Bear OS is a full fork. All sources must be available from git clone
with zero network access. Removed gitignore rules that excluded fetched
source trees under recipes/*/source/, local/recipes/kde/*/source/,
local/recipes/qt/*/source/, and vendor source trees.

Build artifacts (target/, build/, source.tar, *.o, *.so) remain excluded.

127291 files added — kernel, relibc, base, bootloader, pkgar, all KDE/Qt
frameworks, mesa, wayland, DRM drivers, and every other recipe source.
2026-05-14 10:55:53 +01:00

21 lines
554 B
Markdown

# Security Policy
## Reporting a Vulnerability
If you have any security concern, contact <matz@ruby.or.jp>.
## Scope
We consider the following issues as vulnerabilities:
- Remote code execution
- Crash caused by a valid Ruby script
We _don't_ consider the following issues as vulnerabilities:
- Runtime C undefined behavior (including integer overflow)
- Crash caused by misused API
- Crash caused by modified compiled binary
- ASAN/Valgrind warning for too big memory allocation
mruby assumes `malloc(3)` returns `NULL` for too big allocations