memos/SECURITY.md

Security Policy

Project Status

Memos is currently in beta (v0.x). While we take security seriously, we are not yet ready for formal CVE assignments or coordinated disclosure programs.

Reporting Security Issues

For All Security Concerns:

Please report via email only: usememos@gmail.com

DO NOT open public GitHub issues for security vulnerabilities.

Include in your report:

  • Description of the issue
  • Steps to reproduce
  • Affected versions
  • Your assessment of severity

What to Expect:

  • We will acknowledge your report as soon as we can
  • Fixes will be included in regular releases without special security advisories
  • No CVEs will be assigned during the beta phase
  • Credit will be given in release notes if you wish

For Non-Security Bugs:

Use GitHub issues for functionality bugs, feature requests, and general questions.

Philosophy

As a beta project, we prioritize:

  1. Rapid iteration over lengthy disclosure timelines
  2. Quick patches over formal security processes
  3. Transparency about our beta status

We plan to implement formal vulnerability disclosure and CVE handling after reaching v1.0 stable.

Self-Hosting Security

Since Memos is self-hosted software:

  • Keep your instance updated to the latest release
  • Don't expose your instance directly to the internet without authentication
  • Use reverse proxies (nginx, Caddy) with rate limiting
  • Review the deployment documentation for security best practices

Thank you for helping improve Memos!