Please see this wiki page for important notices about ArchiveBox security, publishing your archives securely, and the dangers of executing archived JS:
https://github.com/ArchiveBox/ArchiveBox/wiki/Security-Overview
Also see this section of the README about important caveats when running ArchiveBox:
https://github.com/ArchiveBox/ArchiveBox?tab=readme-ov-file#caveats
You can also read these pages for more information about ArchiveBox's internals, development environment, DB schema, and more:
- https://github.com/ArchiveBox/ArchiveBox#archive-layout
- https://github.com/ArchiveBox/ArchiveBox#archivebox-development
- https://github.com/ArchiveBox/ArchiveBox/wiki/Upgrading-or-Merging-Archives
- https://github.com/ArchiveBox/ArchiveBox/wiki/Troubleshooting
We use Github's built-in Private Reporting feature to accept vulnerability reports.
-
Go to the Security tab on our Github repo: https://github.com/ArchiveBox/ArchiveBox/security
-
Click the "Report a Vulnerability" button
-
Fill out the form to submit the details of the report and it will be securely sent to the maintainers
You can also contact the maintainers via our public Zulip Chat Server zulip.archivebox.io or Twitter DMs @ArchiveBoxApp.