From f230cb89f63440879e8b2aa3d9d1774d113398e0 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 13 Oct 2025 08:16:16 +0000 Subject: [PATCH 1/5] Initial plan From 0e85f09998f56881201b53398972e0c2eeeaa3d9 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 13 Oct 2025 08:24:54 +0000 Subject: [PATCH 2/5] Add customized SECURITY.md and update .gitignore for build artifacts Co-authored-by: artsploit <44605151+artsploit@users.noreply.github.com> --- .gitignore | 3 ++- SECURITY.md | 42 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 SECURITY.md diff --git a/.gitignore b/.gitignore index 712722e..d932d63 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ .idea/* ./out/* ./yaml-payload.jar -./yaml-payload.yml \ No newline at end of file +./yaml-payload.yml +*.class \ No newline at end of file diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..9deae41 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,42 @@ +# Security Policy + +## About This Repository + +This repository contains a proof-of-concept tool for generating SnakeYAML deserialization payloads. It is intended for **security research and educational purposes only** to help security professionals understand and test for YAML deserialization vulnerabilities. + +## Disclaimer + +⚠️ **Important**: This tool is designed to demonstrate a known security vulnerability. Use this tool only in authorized testing environments and with explicit permission. Unauthorized access to computer systems is illegal. + +## Reporting Security Issues + +If you discover a security vulnerability in this repository (e.g., issues with the code itself, documentation errors, or security concerns), please report it by: + +1. Opening an issue in this repository +2. Clearly describing the security concern +3. If applicable, suggesting a fix or improvement + +Please do not use this issue tracker to report vulnerabilities in other projects or systems. + +## Responsible Use + +Users of this tool are expected to: +- Use it only for legitimate security testing and research +- Have proper authorization before testing any systems +- Follow all applicable laws and regulations +- Respect ethical guidelines for security research + +## Supported Use Cases + +This tool is provided as-is for: +- Security researchers testing for SnakeYAML vulnerabilities +- Penetration testers with authorization +- Educational purposes in controlled environments +- Vulnerability research and disclosure + +## Not Supported + +This project does not support: +- Malicious or unauthorized use +- Attacks on systems without permission +- Distribution for illegal purposes From 1823aadc3f9f0a546522350fed8ba61d211cec39 Mon Sep 17 00:00:00 2001 
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 13 Oct 2025 08:26:33 +0000 Subject: [PATCH 3/5] Improve SECURITY.md with private reporting guidance for critical issues Co-authored-by: artsploit <44605151+artsploit@users.noreply.github.com> --- SECURITY.md | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 9deae41..2ce15ed 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -10,11 +10,18 @@ This repository contains a proof-of-concept tool for generating SnakeYAML deseri ## Reporting Security Issues -If you discover a security vulnerability in this repository (e.g., issues with the code itself, documentation errors, or security concerns), please report it by: - -1. Opening an issue in this repository -2. Clearly describing the security concern -3. If applicable, suggesting a fix or improvement +If you discover a security vulnerability in this repository (e.g., issues with the code itself, documentation errors, or security concerns), please report it responsibly: + +### For Non-Critical Issues +- Open a public issue in this repository +- Clearly describe the concern +- Suggest a fix or improvement if applicable + +### For Critical Security Issues +- Use GitHub's [private security advisory](https://github.com/artsploit/yaml-payload/security/advisories/new) feature +- Or contact the repository maintainer directly +- Provide detailed information about the vulnerability +- Allow time for the issue to be addressed before public disclosure Please do not use this issue tracker to report vulnerabilities in other projects or systems. From 2bb5696c61a15091d3efdc80112a8f853e2bd56b Mon Sep 17 00:00:00 2001 
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 13 Oct 2025 08:28:31 +0000 Subject: [PATCH 4/5] Make SECURITY.md repository-agnostic for better fork compatibility Co-authored-by: artsploit <44605151+artsploit@users.noreply.github.com> --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 2ce15ed..5c2ad47 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -18,8 +18,8 @@ If you discover a security vulnerability in this repository (e.g., issues with t - Suggest a fix or improvement if applicable ### For Critical Security Issues -- Use GitHub's [private security advisory](https://github.com/artsploit/yaml-payload/security/advisories/new) feature -- Or contact the repository maintainer directly +- Use GitHub's private security advisory feature (navigate to the Security tab → Advisories → New draft security advisory) +- Or contact the repository maintainer directly via GitHub - Provide detailed information about the vulnerability - Allow time for the issue to be addressed before public disclosure From 4e5ec7abfb9562ebe06473f0b9284e82e6372695 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 14 Oct 2025 11:53:32 +0000 Subject: [PATCH 5/5] Remove .idea/* from .gitignore as requested Co-authored-by: artsploit <44605151+artsploit@users.noreply.github.com> --- .gitignore | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitignore b/.gitignore index d932d63..54cb9b7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,3 @@ -.idea/* ./out/* ./yaml-payload.jar ./yaml-payload.yml
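Review bot: In PATCH 2/5, the `.gitignore` hunk adds `*.class` but leaves the file ending in "\ No newline at end of file", so the next appended pattern will again show up as a two-line change; terminate the last line with a newline. The change is also unrelated to the SECURITY.md addition in the same commit and would be easier to review and revert on its own. While touching this file, confirm with `git check-ignore -v` that the context entries `./out/*`, `./yaml-payload.jar` and `./yaml-payload.yml` actually match, since gitignore anchors a pattern to the repository root with a leading `/`, not `./`.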
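Review bot: In PATCH 2/5, the "Reporting Security Issues" section of the new SECURITY.md offers only one channel, "Opening an issue in this repository", which makes every report public at the moment it is filed. Add a private route for anything the reporter considers sensitive and say which kinds of report belong on each route. The parenthetical "(e.g., issues with the code itself, documentation errors, or security concerns)" also lists documentation errors as security vulnerabilities; ordinary bugs and doc fixes should be pointed at the normal issue tracker instead.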
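Review bot: In PATCH 3/5, the split into "For Non-Critical Issues" and "For Critical Security Issues" gives no criteria for telling the two apart, so the reporter has to guess, and a wrong guess lands a serious report in a public issue. State the default explicitly (when unsure, report privately) or give one or two examples of each class. "Or contact the repository maintainer directly" names no address or handle, and "Allow time for the issue to be addressed" gives no acknowledgement or disclosure timeframe; both should be concrete.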
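Review bot: In PATCH 4/5, the replacement line tells reporters to go to "Security tab → Advisories → New draft security advisory", but creating a draft advisory is a maintainer-side action; an outside reporter only gets a "Report a vulnerability" button, and only when private vulnerability reporting is enabled on the repository. Reword the step to match what a reporter sees, and note that forks need to enable the feature for the instruction to work. "Or contact the repository maintainer directly via GitHub" still does not say how; GitHub has no private message channel, so name the actual contact method.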
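Review bot: In PATCH 5/5, dropping `.idea/*` means IDE project files now appear as untracked and can be swept into a commit by a broad `git add`, and the commit message "as requested" records no reason for the change. Put the rationale in the message, and if the intent is to keep editor-specific entries out of the project file, say so and point contributors at a personal global excludes file. The remaining last line still has no trailing newline, carried over from PATCH 2/5.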