Skip to content

Security: M1XZG/uptime

SECURITY.md

Security Policy

If you think you have found a security problem in this project, please tell me privately before sharing it anywhere public. That gives me a chance to fix it and cut a release before the details are widely known.

Reporting a vulnerability

The best way to reach me is through GitHub's private vulnerability reporting. Open the Security tab on this repository, choose "Report a vulnerability", and your report stays confidential between us until we agree it is ready to disclose.

When you write up the issue, it helps to include the version or commit you were on, the steps that trigger the problem, and what you expected to happen instead. A small reproducer saves a lot of back-and-forth.

This is a personal project that I maintain in my spare time, so I cannot promise a same-day reply. I will do my best to acknowledge your report within a week and keep you posted while I work through it.

Scope

The bugs I most want to hear about are the ones that let someone read or change data they should not, run code they should not, or take over an account or host. Problems that only show up in a fork, an old release, or a heavily modified setup are lower priority, though still worth a note.

Thanks for helping keep the project, and the people who rely on it, safe.

There aren't any published security advisories