From fe985e219a9e467973e9449762fc17c6a94e9031 Mon Sep 17 00:00:00 2001
From: Lauri Ojansivu <x@xet7.org>
Date: Wed, 11 Oct 2023 08:16:08 -0400
Subject: [PATCH] Updated security.md.

---
 SECURITY.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/SECURITY.md b/SECURITY.md
index 4bceea9a8..899ed8773 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -108,6 +108,7 @@ A:
   - You can have input field for password https://github.com/wekan/wekan/blob/main/client/components/cards/attachments.js#L303-L312
   - You can save password to database https://github.com/wekan/wekan/blob/main/client/components/cards/attachments.js#L303-L312
   - Check that only current user or Admin can change password https://github.com/wekan/wekan/blob/main/client/components/cards/attachments.js#L303-L312
+    - Note that currentUser uses code like Meteor.user() in .js file
   - Do not have password hashes in PubSub https://github.com/wekan/wekan/blob/main/server/publications/users.js
   - Only show Admin Panel to Admin https://github.com/wekan/wekan/blob/main/client/components/settings/settingBody.jade#L3
 - Use Environment variables for any email etc passwords.