From 4cfa2ce3fa93f149499a1aa309790e11b93aa91c Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Fri, 9 Dec 2022 16:06:43 +0100 Subject: [PATCH] Add SensitiveParameter attribute in the security hardening list --- contributing/code/security.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contributing/code/security.rst b/contributing/code/security.rst index 7aab51ff919..1d2468af388 100644 --- a/contributing/code/security.rst +++ b/contributing/code/security.rst @@ -22,8 +22,8 @@ email for confirmation): is set to ``true`` or ``APP_ENV`` set to anything but ``prod``); * Any fix that can be classified as **security hardening** like route - enumeration, login throttling bypasses, denial of service attacks, or timing - attacks. + enumeration, login throttling bypasses, denial of service attacks, timing + attacks, or lack of ``SensitiveParameter`` attributes. In any case, the core team has the final decision on which issues are considered security vulnerabilities.
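Review bot: In the added line "attacks, or lack of ``SensitiveParameter`` attributes." the attribute is named bare, with no attribute syntax and no word on which parameters are expected to carry it, so a reporter reading this list cannot tell what kind of omission is meant. Consider writing it as ``#[\SensitiveParameter]`` and adding a short clause on the case in question, for example a secret-bearing argument that lacks the attribute. The new item also sits oddly under "Any fix that can be classified as **security hardening** like ...": the earlier items name attack classes, while this one names a missing annotation. Rewording it to something like "missing ``#[\SensitiveParameter]`` attributes" keeps the list parallel.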