Security findings (legacy folder)
The canonical finding bodies have moved to ../security/internal/findings.md (renamed SR-014…SR-016). The three files in this folder are kept as redirect stubs so external bookmarks resolve.
New findings are written directly in security/internal/findings.md as SR-NNN rows. Do not author new SF-NNN files in this folder.
Legacy index
| Legacy ID | Canonical ID | Title | Stub file |
|---|---|---|---|
| SF-001 | SR-014 | Sign-in email enumeration via timing oracle | sf-001-signin-email-enumeration-timing.md |
| SF-002 | SR-015 | Lockout counter reset defeats escalating rate-limit | sf-002-lockout-counter-reset.md |
| SF-003 | SR-016 | SignInDto validates neither format nor length | sf-003-signin-dto-constraints.md |
The cross-reference table in ../security/internal/findings.md §"Legacy SF-NNN mapping" carries the full mapping for any auditor or external party still citing the SF-NNN form.