From 7bb9dd09c5617e217a24997ad9adb7ff3a063358 Mon Sep 17 00:00:00 2001 From: Evan You Date: Sun, 10 Oct 2021 17:38:37 -0400 Subject: [PATCH] chore: improve security.md [ci skip] --- SECURITY.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index ee59969f5..dac6018b5 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,3 +1,7 @@ # Reporting a Vulnerability -Please send vulnerability reports to: security@vuejs.org +To report a vulnerability, please email security@vuejs.org. + +While the discovery of new vulnerabilities is rare, we also recommend always using the latest versions of Vue and its official companion libraries to ensure your application remains as secure as possible. + +Please note that we do not consider XSS via template expressions a valid attack vector, because it can only happen if the user intentionally uses untrusted content as template compilation source. This is similar to knowingly pasting untrusted scripts into a browser console. We explicitly warn users against using untrusted content as template compilation source in our documentation.
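Review bot: In the last added paragraph of the SECURITY.md hunk, the sentence "We explicitly warn users against using untrusted content as template compilation source in our documentation" refers to a warning without linking to it; add the URL of that documentation page so a reporter can check the exclusion before emailing. The same paragraph excludes "XSS via template expressions" but does not say that XSS which does not depend on untrusted template source remains in scope; one sentence stating that would remove the ambiguity. The "latest versions" recommendation would also be more actionable if it named which release lines receive security fixes.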