If you believe you found a security issue in this repository itself, please report it privately rather than opening a public issue first.
You can report it by contacting the maintainer:
- GitHub: @dpacassi
If you prefer, replace the contact above with a dedicated security email address.
This repository is primarily a curated documentation/reference project. That means most security concerns related to Drupal core, contributed modules, themes, hosting, or your own Drupal project do not belong here.
This policy is mainly for repository-specific issues such as:
- malicious or unsafe links introduced into the repository
- accidentally committed secrets
- unsafe files or content added to the repository
- repository configuration issues that could create a real security risk
Please do not use this repository to report:
- Drupal core security vulnerabilities
- contributed module or theme security vulnerabilities
- vulnerabilities in third-party services linked from the README
- security issues in your own Drupal site or infrastructure
For those, please use the appropriate official channels.
If your report is about Drupal core or a contributed Drupal project, please follow the official Drupal security process:
Because this is a small maintainer-led repository, response times may vary. Good-faith reports will be reviewed as soon as reasonably possible.
If the report is valid and repository-specific, the maintainer may:
- remove or update affected content
- rotate or revoke exposed secrets if relevant
- adjust repository settings
- publish a fix without disclosing sensitive details first
Please avoid public disclosure until the issue has been reviewed and, where appropriate, mitigated.
Thank you for helping keep this repository safe.