view SECURITY.md @ 34331:deb659fd4c5a

runtime(gpg): Mark dangerous use-embedded-filename with WarningMsg

Commit: https://github.com/vim/vim/commit/6d91227267a5f7e21fc9b30443687618e92751bf
Author: Christian Brabandt <cb@256bit.org>
Date: Sun Feb 11 18:19:45 2024 +0100

runtime(gpg): Mark dangerous use-embedded-filename with WarningMsg

The syntax highlighter is likely to encourage people to use the listed commands. But `use-embedded-filename` is a dangerous option that can cause GnuPG to write arbitrary data to arbitrary files whenever GnuPG encounters malicious data.

GnuPG upstream explicitly warns against using this option:

https://dev.gnupg.org/T4500
https://dev.gnupg.org/T6972

However, since this is a valid option, we cannot just drop it from the syntax script. Instead, let's mark it with the WarningMsg highlighting to make it obvious that this option is different (and should not be used for security reasons).

closes: #13961

Co-authored-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Sun, 11 Feb 2024 18:30:03 +0100
parents 13e4398925ea
children

# Security Policy

## Reporting a vulnerability

If you want to report a security issue, please privately disclose the issue to the vim-security mailing list:
vim-security@googlegroups.com

This is a private list, read only by the maintainers, but anybody can post, after moderation.

**Please don't publicly disclose the issue until it has been addressed by us.**