From 241ce8c3b7ea6884906d502a079a663c66d8a76e Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 17 Sep 2020 09:24:11 +0200 Subject: [PATCH] More complete security --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 3a022aa0167..2fb045209b4 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -69,7 +69,7 @@ ONLY vulnerabilities discovered, when the following setup on tested platform is * The module DebugBar must NOT be enabled (by default, this module is not enabled. This is a developer tool) * The module ModuleBuilder must NOT be enabled (by default, this module is not enabled. This is a developer tool) * The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be enabled soon by default) -* ONLY security reports on "stable" modules are allowed (troubles into "experimental" and "developement" modules are not accepted). +* ONLY security reports on modules provided by default and with the "stable" status are allowed (troubles into "experimental", "developement" or external modules are not accepted). Scope is the web application (back office) and the APIs.