docs: rewrite SECURITY.md, add disclaimer, remove LLM language

feder-cr 2026-06-25 04:22:39 +02:00
parent 82eb22634e
commit 02b5f397ad


@ -1,8 +1,12 @@
# Security Policy
## Disclaimer
This is an educational project. It is provided as-is, with no warranties. The maintainers take no responsibility for how it is used. Use it at your own risk and in compliance with the laws of your jurisdiction.
## Supported versions
Only the latest release on `main` receives security fixes.
Only the latest release on `main` receives fixes.
| Version | Supported |
|---------|-----------|
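Review bot: the rewritten "Supported versions" line drops the word "security" ("Only the latest release on `main` receives fixes."), which turns a narrow security-fix commitment into a general maintenance promise the policy is not meant to make; keep "receives security fixes" so the statement matches the section's purpose. The new Disclaimer paragraph is fine as written, but consider placing it after the reporting instructions so the first thing a reporter sees is how to reach you privately.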
@ -11,44 +15,33 @@ Only the latest release on `main` receives security fixes.
## Reporting a vulnerability
**Please do not report security issues via public GitHub issues, discussions, or pull requests.**
Do not report security issues via public GitHub issues, discussions, or pull requests.
Use one of the following private channels:
Send a report to `federico.elia.majo@gmail.com` with subject prefix `[security][invisible_playwright]`.
1. **GitHub Private Vulnerability Reporting** (preferred): open an advisory at https://github.com/feder-cr/invisible_playwright/security/advisories/new
2. **Email**: `federico.elia.majo@gmail.com` with subject prefix `[security][invisible_playwright]`
Include:
Please include:
- A clear description of the issue and impact
- Steps to reproduce (minimal repro preferred)
- The version of `invisible_playwright` and OS where it was observed
- Whether you have a suggested fix
## What to expect
- Acknowledgement of your report within **7 days**
- An initial assessment and tracking issue (private) within **14 days**
- Coordinated disclosure: a fix and public advisory are released together; reporters are credited unless they prefer to remain anonymous
- What the issue is and what it affects
- Steps to reproduce
- Version of `invisible_playwright` and OS
- Fix suggestion if you have one
## Scope
In scope:
- The Python wrapper `invisible_playwright` (this repo)
- The binary download/verification flow (SHA256 pinning, fetch endpoints)
- The Python wrapper (this repo)
- The binary download and verification flow
- The CLI
Out of scope here (report to the relevant project):
Out of scope:
- Vulnerabilities in the patched Firefox C++ source — open a private report at [feder-cr/invisible_firefox](https://github.com/feder-cr/invisible_firefox/security/advisories/new)
- Vulnerabilities in upstream Firefox / mozilla-central — report to Mozilla per https://www.mozilla.org/security/
- Vulnerabilities in third-party dependencies (`playwright`, `requests`, etc.) — report to those projects directly
- Vulnerabilities in the patched Firefox source — report to [feder-cr/invisible_firefox](https://github.com/feder-cr/invisible_firefox/security/advisories/new)
- Upstream Firefox / mozilla-central — report to Mozilla directly
- Third-party dependencies — report to those projects
## Out of scope
Not security issues:
- Reports that the browser is detected by a specific anti-bot service — open a regular GitHub issue, this is a product-quality concern, not a security one
- Social engineering of maintainers
- Denial of service requiring physical access or local privileged access
Thank you for helping keep the project and its users safe.
- The browser being detected by an anti-bot service — open a regular issue
- Social engineering
- DoS requiring physical or local privileged access
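Review bot: this hunk removes the GitHub Private Vulnerability Reporting channel (the https://github.com/feder-cr/invisible_playwright/security/advisories/new link) and the whole "What to expect" section (acknowledgement within 7 days, private assessment within 14 days, coordinated disclosure with reporter credit), leaving email as the only channel and no stated response commitment; reporters use exactly those lines to decide whether and how to disclose, so keep the advisory link as the preferred channel and either keep the timelines or state explicitly that there is no response SLA. Two smaller points: the "In scope" bullet lost the detail "(SHA256 pinning, fetch endpoints)", which is the most useful hint for what the download/verification flow covers, and the new "Out of scope:" list intro now sits directly above the unchanged "## Out of scope" heading, so the two sections read as duplicates; rename the intro to "Report elsewhere:" or fold the two lists under one heading.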