
Create SECURITY.md for security policy #326

Open

tanakauo wants to merge 1 commit into openai:main from tanakauo:patch-1

Create SECURITY.md for security policy#326
tanakauo wants to merge 1 commit into
openai:mainfrom
tanakauo:patch-1

Conversation

@tanakauo

Added a security policy document outlining supported versions and vulnerability reporting.
@tanakauo tanakauo requested a review from a team May 16, 2026 15:47

@chatgpt-codex-connector (bot) left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2477b5a09e


Comment thread SECURITY.md
Comment on lines +10 to +13
| 5.1.x | :white_check_mark: |
| 5.0.x | :x: |
| 4.0.x | :white_check_mark: |
| < 4.0 | :x: |
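Review bot: the four rows (5.1.x, 5.0.x, 4.0.x, < 4.0) are the unedited defaults from GitHub's SECURITY.md template, not this project's release lines; with the repository's package metadata on 1.0.4 (as the automated review notes), the shipped 1.x line falls under `| < 4.0 | :x: |` and is declared unsupported. Replace the rows with the real policy, e.g. `| 1.0.x | :white_check_mark: |` and `| < 1.0 | :x: |`, and update the table as part of each release so the two do not drift apart again.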


P2: Align the supported version table with actual releases

This policy declares 5.1.x and 4.0.x as supported security branches even though the package metadata and release manifests in this repo are on 1.0.4, and repo-wide search only finds 1.x release metadata. Once GitHub displays this SECURITY.md, users will be told to expect fixes for non-existent/unsupported release lines while the current 1.x line is not listed as supported, so the table should be replaced with the project's real supported version policy.


Comment thread SECURITY.md
Comment on lines +17 to +21
Use this section to tell people how to report a vulnerability.

Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.
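Review bot: lines 17 to 21 are the template's own instruction text left in place of a reporting process, so a reader of the published policy has no channel to use. Replace them with a concrete path (the "Report a vulnerability" private advisory form on the repository's Security tab, or a monitored contact address), the acknowledgement and update cadence a reporter can expect, and what happens when a report is accepted or declined; the placeholder itself lists exactly those points as the ones to fill in.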


P2: Provide an actual vulnerability reporting path

This leaves the GitHub template placeholder instead of a contact address, private advisory link, or other reporting instructions. In the scenario this file is published as the repository security policy, reporters still have no actionable place to send vulnerabilities or know the expected response process, defeating the purpose of adding SECURITY.md.

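Both review findings above describe a check that can be automated: parse the Supported Versions table, compare it with the version the package actually ships, and flag the template placeholder in the reporting section. The script below is an added example written for this page, not code from the PR, the repository, or the Codex reviewer. The SECURITY.md text is the table and placeholder quoted in the threads above; the package.json is a constructed stand-in that carries the 1.0.4 version the review reports (its filename, package name and the corrected table are assumptions).

```python
"""Lint a SECURITY.md supported-versions table against the shipped version.

Added example for this PR page; not code from the repository or its review bot.
"""
import json
import re
from typing import Optional

# Constructed input: the table and reporting placeholder exactly as quoted in
# the review threads above (these are GitHub's default SECURITY.md template rows).
SECURITY_MD = """\
## Supported Versions

| Version | Supported          |
| ------- | ------------------ |
| 5.1.x   | :white_check_mark: |
| 5.0.x   | :x:                |
| 4.0.x   | :white_check_mark: |
| < 4.0   | :x:                |

## Reporting a Vulnerability

Use this section to tell people how to report a vulnerability.
"""

# Assumed corrected policy for a project whose current release line is 1.x.
CORRECTED_MD = """\
| Version | Supported          |
| ------- | ------------------ |
| 1.0.x   | :white_check_mark: |
| < 1.0   | :x:                |

## Reporting a Vulnerability

Report privately through the repository's Security tab (assumed wording).
"""

# Constructed stand-in for package metadata: "1.0.4" is the version the
# automated review reports for the repo; name and file layout are assumed.
PACKAGE_JSON = '{"name": "example-package", "version": "1.0.4"}'

TEMPLATE_PLACEHOLDER = "Use this section to tell people how to report a vulnerability."

TABLE_ROW = re.compile(r"^\|\s*([^|]+?)\s*\|\s*([^|]+?)\s*\|\s*$", re.MULTILINE)
PREFIX_PATTERN = re.compile(r"(\d+(?:\.\d+)*)(?:\.x)?")      # 5.1.x, 4.0.x, 1.0
RELATION_PATTERN = re.compile(r"([<>]=?)\s*(\d+(?:\.\d+)*)")  # < 4.0, >= 1.0


def version_tuple(version: str) -> tuple:
    """'1.0.4' -> (1, 0, 4); a '-beta' style suffix is ignored for comparison."""
    return tuple(int(p) for p in version.split("-")[0].split("."))


def parse_supported_versions(md: str) -> list:
    """Return [(pattern, supported)] from the first two-column markdown table."""
    rows = []
    for pattern, status in TABLE_ROW.findall(md):
        if pattern.lower() == "version" or set(pattern) <= set("-: "):
            continue  # header row and separator row
        rows.append((pattern, status.strip() == ":white_check_mark:"))
    return rows


def pattern_matches(pattern: str, version: str) -> bool:
    """True if a table pattern ('5.1.x', '< 4.0', '>= 1.0') covers `version`."""
    v = version_tuple(version)
    m = RELATION_PATTERN.fullmatch(pattern)
    if m:
        op, bound = m.groups()
        b = version_tuple(bound)
        head = v[: len(b)]  # compare at the precision the bound was written in
        return {"<": head < b, "<=": head <= b, ">": head > b, ">=": head >= b}[op]
    m = PREFIX_PATTERN.fullmatch(pattern)
    if m:
        prefix = version_tuple(m.group(1))
        return v[: len(prefix)] == prefix
    raise ValueError(f"unrecognised version pattern: {pattern!r}")


def pattern_major(pattern: str) -> Optional[int]:
    """Major version of a prefix-style pattern, or None for '< 4.0' style rows."""
    m = PREFIX_PATTERN.fullmatch(pattern)
    return int(m.group(1).split(".")[0]) if m else None


def check_policy(md: str, package_json: str) -> dict:
    """Report whether the shipped version is supported and which supported
    rows name a major line newer than anything shipped (the template defaults)."""
    version = json.loads(package_json)["version"]
    major = version_tuple(version)[0]
    rows = parse_supported_versions(md)
    matching = [p for p, _ in rows if pattern_matches(p, version)]
    supported = any(s for p, s in rows if s and p in matching)
    unreleased = []
    for p, s in rows:
        pm = pattern_major(p)
        if s and pm is not None and pm > major:
            unreleased.append(p)
    return {
        "version": version,
        "matching_rows": matching,
        "supported": supported,
        "supported_unreleased_lines": unreleased,
        "ok": supported and not unreleased,
    }


def reporting_is_placeholder(md: str) -> bool:
    """True if the template's instruction text is still in the reporting section."""
    return TEMPLATE_PLACEHOLDER in md


if __name__ == "__main__":
    for label, md in (("as proposed", SECURITY_MD), ("corrected", CORRECTED_MD)):
        print(label, check_policy(md, PACKAGE_JSON),
              "placeholder:", reporting_is_placeholder(md))
```

Run against the PR's table the check reports the 1.0.4 package as matching only the `< 4.0` row (unsupported) and lists 5.1.x and 4.0.x as supported lines above anything shipped; against the corrected table it passes. Wiring this into CI on SECURITY.md and package metadata changes keeps the two from drifting apart after the PR is fixed.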
