Our aim is to keep this project as secure as possible. However, if you discover a security issue, please follow the guidelines below to report it to us.
We are currently providing security updates for the following versions of the project:
| Version | Supported |
|---|---|
| 1.x | ✅ |
Please ensure your version is up-to-date to have the latest security patches.
If you discover a vulnerability in the system, please do not open an issue on GitHub due to the sensitive nature of security issues.
Instead, send an email directly to Robin Röper at rroeper@superclustr.net. The email should contain detailed information about the vulnerability, steps to reproduce, and any potential impacts.
We take all security reports seriously, and if we verify the vulnerability, we will immediately work on a fix. Here's what you can expect after submitting a vulnerability:
-
Acknowledgment: We will acknowledge receipt of your vulnerability report within 2 business days.
-
Verification: We will verify the vulnerability you've reported. The time this takes can vary depending on the complexity of the issue.
-
Updates: You will receive updates on our progress in fixing the vulnerability every week until the issue is resolved.
-
Resolution: If the vulnerability is accepted, a patch will be implemented, and you will be credited in the patch notes (unless anonymity is requested).
-
Dismissal: If the reported issue does not qualify as a vulnerability, we will provide a detailed explanation of our decision.
We appreciate your help in keeping our project safe and ask for your patience while we handle the issue. Please refrain from disclosing the vulnerability to others until we've had a chance to address it.
Remember, responsible disclosure benefits everyone and helps improve the overall security of the Internet. Thank you for doing your part!