Skip to content

doc: exclude compile-time flag features from security policy #61109

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nodejs-github-bot merged 1 commit into from
Dec 20, 2025
Merged

doc: exclude compile-time flag features from security policy #61109

nodejs-github-bot merged 1 commit into from
Dec 20, 2025
+20 −0

Conversation

@mcollina
Copy link
Member

@mcollina mcollina commented Dec 18, 2025

Add a new section to the security model clarifying that experimental features behind compile-time flags are not covered by the vulnerability reporting policy. These features are intended for development only and are not enabled in official releases.

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Dec 18, 2025

Review requested:

  • @nodejs/tsc

@mcollina
Copy link
Member Author

mcollina commented Dec 18, 2025

@nodejs/tsc

@nodejs-github-bot nodejs-github-bot added the doc Issues and PRs related to the documentations. label Dec 18, 2025
aduh95
aduh95 approved these changes Dec 18, 2025
View reviewed changes
Copy link
Contributor

@aduh95 aduh95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be worth it to explicitely state whether e.g. --without-sqlite qualifies?

@mcollina
doc: exclude compile-time flag features from security policy
7267b0c 
Add a new section to the security model clarifying that experimental
features behind compile-time flags are not covered by the vulnerability
reporting policy. These features are intended for development only and
are not enabled in official releases.
@mcollina mcollina force-pushed the doc/security-compile-time-flags branch from 6c0fc80 to 7267b0c Compare December 18, 2025 11:40
@lpinca lpinca added the commit-queue Add this label to land a pull request using GitHub Actions. label Dec 19, 2025
@mcollina
Copy link
Member Author

mcollina commented Dec 19, 2025
edited
Loading

Would it be worth it to explicitely state whether e.g. --without-sqlite qualifies?

Can you send a patch?

@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Dec 20, 2025
@nodejs-github-bot nodejs-github-bot merged commit 0a54180 into nodejs:main Dec 20, 2025
19 checks passed
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Dec 20, 2025

Landed in 0a54180

@mcollina mcollina deleted the doc/security-compile-time-flags branch December 22, 2025 09:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lpinca lpinca lpinca approved these changes

@UlisesGascon UlisesGascon UlisesGascon approved these changes

@aduh95 aduh95 aduh95 approved these changes

@RafaelGSS RafaelGSS RafaelGSS approved these changes

@marco-ippolito marco-ippolito marco-ippolito approved these changes

@ruyadorno ruyadorno Awaiting requested review from ruyadorno

@jasnell jasnell Awaiting requested review from jasnell

+1 more reviewer

@bjohansebas bjohansebas bjohansebas approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

doc Issues and PRs related to the documentations.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@mcollina @nodejs-github-bot @lpinca @UlisesGascon @aduh95 @RafaelGSS @marco-ippolito @bjohansebas