SECURITY

[myOmikron]

I couldn't find any information regarding handling of incidents / security problems on this repository. As this is IMHO quite important for a web-framework it would be nice to have some sort of contact information (email + pgp preferred over proprietary chats) and information about how to proceed further, what steps are executed and how quickly responses can be expected.

Some proposals:

• Add a security policy via github. If a SECURITY.md file is found in the root of the repository, it is included in the About section.
• Add a section in the README on how to establish contacts regarding security considerations

[WebFreak001]

There hasn't been any response from vibe.d maintainers yet, but if you have something to report, you can probably send a mail to the dlang security team (see https://dlang.org/security.html), they are most likely to get in touch with the vibe.d maintainers and get fixes in.