Skip to content

Security: fkcurrie/fluidnc-ledscreen

Security

Report a vulnerability

SECURITY.md

Security Policy

Supported Versions

Version Supported
1.0.x

Reporting a Vulnerability

We take the security of FluidNC LED Screen Monitor seriously. If you believe you have found a security vulnerability, please report it to us as described below.

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them via email to [security@sfle.ca]. You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message.

Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:

  • Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
  • Full paths of source file(s) related to the manifestation of the issue
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit the issue

This information will help us triage your report more quickly.

Preferred Languages

We prefer all communications to be in English.

Security Measures

This project implements several security measures:

  1. Regular dependency updates via Dependabot
  2. Security scanning of dependencies
  3. Code scanning for vulnerabilities
  4. Secure configuration defaults
  5. Input validation and sanitization
  6. Error handling that prevents information disclosure

Security Updates

Security updates are released as soon as possible after a vulnerability is discovered and fixed. We follow these steps:

  1. Assess the severity of the vulnerability
  2. Develop and test a fix
  3. Release a security update
  4. Notify users through GitHub releases
  5. Update documentation with security notes

Security Best Practices

When using this project, we recommend:

  1. Always use the latest stable version
  2. Keep dependencies up to date
  3. Follow the principle of least privilege
  4. Monitor logs for suspicious activity
  5. Regularly backup configuration files
  6. Use secure network configurations

Contact

For security-related issues, please contact [security@sfle.ca].

There aren't any published security advisories