We actively support the following versions of Redis Explorer with security updates:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
We take the security of Redis Explorer seriously. If you believe you have found a security vulnerability, please report it to us as described below.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them via email to: [security@redis-explorer.com] (replace with actual email)
You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
Please include the following information in your report:
- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue
- Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours
- Investigation: We will investigate and validate the vulnerability
- Fix Development: We will develop a fix for confirmed vulnerabilities
- Disclosure: We will coordinate disclosure with you
- Release: We will release the security fix and publish a security advisory
We prefer all communications to be in English.
When using Redis Explorer, please follow these security best practices:
- Always use SSL/TLS for Redis connections in production
- Use strong passwords for Redis authentication
- Limit network access to Redis servers
- Use Redis AUTH command for authentication
- Keep Redis Explorer updated to the latest version
- Use environment variables for sensitive configuration
- Run Redis Explorer behind a reverse proxy with proper authentication
- Regularly audit your Redis configurations
- Encrypt sensitive data at rest
- Use Redis ACLs to limit command access
- Monitor Redis logs for suspicious activity
- Implement proper backup and recovery procedures
- Connection passwords are encrypted using AES-192 before storage
- Connection data is stored server-side, not in browser localStorage
- Ensure proper file system permissions on the server
- Redis Explorer communicates with Redis servers directly
- All Redis commands are executed server-side
- WebSocket connections (if enabled) should use WSS in production
- Redis Explorer does not implement user authentication by default
- Consider implementing authentication at the reverse proxy level
- Use Redis AUTH for database-level authentication
Security updates will be released as patch versions and announced through:
- GitHub Security Advisories
- Release notes
- Project README
We would like to thank the following individuals for responsibly disclosing security vulnerabilities:
- [List will be updated as reports are received and resolved]
For any questions about this security policy, please contact us at [security@redis-explorer.com] (replace with actual email).