Update SECURITY.md

Note that native code gen is currently exempt from any security guarantees as it's a pre-production R&D component right now. This will change in the future as we deploy it to production.
This commit is contained in:
Arseny Kapoulkine 2023-03-01 14:40:40 -08:00 committed by GitHub
parent 6601c41bff
commit 48172dd5b1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -1,6 +1,6 @@
# Security Guarantees
Luau provides a safe sandbox that scripts can not escape from, short of vulnerabilities in custom C functions exposed by the host. This includes the virtual machine and builtin libraries.
Luau provides a safe sandbox that scripts can not escape from, short of vulnerabilities in custom C functions exposed by the host. This includes the virtual machine and builtin libraries. Notably this currently does *not* include the work-in-progress native code generation facilities.
Any source code can not result in memory safety errors or crashes during its compilation or execution. Violations of memory safety are considered vulnerabilities.