Skip to content

Security: journeyjt/BardicInspiration

SECURITY.md

Security Policy

Reporting a Vulnerability

We take the security of Bardic Inspiration seriously. If you discover a security vulnerability, please follow these steps:

  1. DO NOT create a public GitHub issue for the vulnerability
  2. Send a detailed report to the module maintainer through:
    • GitHub Security Advisories (preferred)
    • Direct message on Discord
    • Private message on the FoundryVTT Discord server

What to Include in Your Report

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact
  • Suggested fix (if you have one)

What to Expect

  • Acknowledgment of your report within 48 hours
  • Regular updates on the progress of addressing the vulnerability
  • Credit in the release notes (unless you prefer to remain anonymous)

Security Best Practices for Users

  1. Keep the module updated: Always use the latest version
  2. Trust your players: This module allows players to control YouTube playback
  3. Review permissions: Ensure only trusted users have GM privileges
  4. Monitor usage: Keep an eye on the DJ controls and queue management

Known Security Considerations

  • YouTube Content: This module plays YouTube videos. Ensure content is appropriate for your gaming group
  • Network Communication: The module uses FoundryVTT's socket system for real-time sync
  • No External Servers: All communication happens through your FoundryVTT server
  • No Data Collection: This module does not collect or transmit any user data

Dependencies

This module relies on:

  • FoundryVTT's built-in security measures
  • YouTube's iframe API (subject to YouTube's security policies)
  • Browser security features for iframe sandboxing

Contact

For security concerns, please reach out through the channels mentioned above.

Thank you for helping keep Bardic Inspiration and the FoundryVTT community safe!

There aren't any published security advisories