Security Policy
Security Policy
This repository contains the source for yantosca.github.io, a personal academic website built with Jekyll and hosted on GitHub Pages. It is a static site with no server-side code, database, authentication, or user data collection beyond optional third-party analytics/comments configured in _config.yml.
Supported Versions
This site tracks a single main branch, which is deployed directly by GitHub Pages. There are no maintained older versions — only the latest commit on main is in service.
Reporting a Vulnerability
If you discover a security issue with this site (e.g. a vulnerable dependency in Gemfile/Gemfile.lock or package.json, an XSS vector in the templates, or a misconfiguration exposing sensitive data), please report it privately rather than opening a public issue:
- Email: yantosca@seas.harvard.edu
Please include a description of the issue, the affected file(s)/URL, and steps to reproduce if applicable. I’ll acknowledge reports as soon as possible and push a fix or mitigation.
Dependency Notes
- Ruby gem versions are pinned via
Gemfile.lock. If GitHub flags a vulnerability in a transitive dependency ofgithub-pages, the usual fix is to deleteGemfile.lockand runbundle installto regenerate it against the latest allowed versions. - Front-end vendor libraries (jQuery and plugins under
assets/js/vendor/,assets/js/plugins/) are bundled from the upstream Minimal Mistakes theme; updates should come from upstream rather than ad hoc patching.
