From 68202620cfc28d098044494a8a070778686e3899 Mon Sep 17 00:00:00 2001 From: Sudo-Ivan Date: Sat, 10 Jan 2026 17:51:56 -0600 Subject: [PATCH] Update SECURITY --- SECURITY.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 0221831..4a996ec 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,9 +4,7 @@ If you discover a security vulnerability or have concerns about the security of Reticulum MeshChatX, please contact the lead developer using the following methods in order of preference: -1. **LXMF**: `7cc8d66b4f6a0e0e49d34af7f6077b5a` (Ideally) -2. **XMPP**: `ivan@chat.quad4.io` -3. **Email**: `ivan@quad4.io` +1. **LXMF**: `7cc8d66b4f6a0e0e49d34af7f6077b5a` ## Security Overview @@ -17,7 +15,7 @@ Reticulum MeshChatX is designed with a high degree of security in mind, leveragi - **ASAR Integrity Validation**: Utilizes Electron 39 features to protect the application against tampering. - **Backend Binary Verification**: Generates a SHA-256 manifest of the unpacked Python backend during build and verifies it on every startup. - **Data-at-Rest Integrity Monitoring**: Snapshots the state of identities and database files on clean shutdown and warns if they were modified while the app was closed. -- **3-Layer CSP Hardening**: Multi-layered Content Security Policy protection across the entire application stack: +- **Redundant CSP Hardening**: Multi-layered Content Security Policy protection across the entire application stack: 1. **Backend Server CSP**: Applied via security middleware to all HTTP responses. 2. **Electron Session CSP**: Shell-level fallback CSP applied via `webRequest.onHeadersReceived`. 3. **Loading Screen CSP**: Bootloader CSP defined in HTML meta tags.
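Review bot: In the first hunk (@@ -4,9 +4,7 @@), the unchanged context sentence still reads "using the following methods in order of preference", but the list now has one entry, so the wording no longer matches. Suggest rewording it to something like "please contact the lead developer over LXMF:" and dropping the "1." numbering. With XMPP and Email removed, a reporter who has no LXMF client has no documented way to reach the developer. If that is intended, say so explicitly in SECURITY.md. The subject "Update SECURITY" should also mention that contact methods were removed.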
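Review bot: In the second hunk (@@ -17,7 +15,7 @@), the new label "Redundant CSP Hardening" can be read as "unnecessary", and the same bullet still says "Multi-layered" and lists three numbered layers, so the rename removes the count without changing what is described. Suggest "Layered CSP Hardening" or "Defense-in-Depth CSP", which matches the "Shell-level fallback CSP" wording on the Electron entry. If "Redundant" is meant to say the three policies are identical, state that in the bullet. Otherwise a reader cannot tell whether the backend, session and meta-tag policies differ.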