Security: sharryy/docker-sandbox

Security Policy

Supported Versions

Security fixes are applied to the latest released version.

Reporting a Vulnerability

Please do not open a public issue for security vulnerabilities.

Instead, report them privately via either:

You will receive a response as soon as possible. Please give us a reasonable amount of time to address the issue before any public disclosure.

Scope

This package runs untrusted code inside hardened Docker containers. The hardening applied by Sandbox/run() (no network, non-root, read-only rootfs, dropped capabilities, no-new-privileges, pid/memory limits) reduces risk but does not replace a properly secured Docker daemon and host. Reports about weakening or bypassing these defaults are especially welcome.
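One way to check that a running container still carries the defaults listed above is to audit its `docker inspect` JSON. This is an added example, not code from this package; the function names and both samples are constructed, and reading "dropped capabilities" as "drop ALL and add nothing back" is an assumption.

```python
import json

# Constructed samples in the shape of one `docker inspect <container>` element.
HARDENED = json.loads("""{
  "Config": {"User": "1000:1000"},
  "HostConfig": {"NetworkMode": "none", "ReadonlyRootfs": true,
                 "CapDrop": ["ALL"], "CapAdd": null,
                 "SecurityOpt": ["no-new-privileges"],
                 "PidsLimit": 64, "Memory": 268435456}}""")
WEAKENED = json.loads("""{
  "Config": {"User": ""},
  "HostConfig": {"NetworkMode": "bridge", "ReadonlyRootfs": true,
                 "CapDrop": ["ALL"], "CapAdd": ["NET_ADMIN"],
                 "SecurityOpt": ["no-new-privileges:false"],
                 "PidsLimit": -1, "Memory": 268435456}}""")


def _no_new_privs(opts):
    # Docker accepts "no-new-privileges", "...:true" and "...=true".
    for opt in opts:
        key, _, value = opt.replace("=", ":", 1).partition(":")
        if key == "no-new-privileges" and value.lower() in ("", "true"):
            return True
    return False


def audit_container(info):
    """Return the hardening settings from the list above that are missing."""
    cfg = info.get("Config") or {}
    host = info.get("HostConfig") or {}
    user = (cfg.get("User") or "").split(":")[0]
    cap_drop = [c.upper() for c in host.get("CapDrop") or []]
    checks = {
        "no network": host.get("NetworkMode") == "none",
        # An empty user means the container runs as root.
        "non-root": user not in ("", "0", "root"),
        "read-only rootfs": host.get("ReadonlyRootfs") is True,
        # Assumption: "dropped" means drop ALL and add nothing back.
        "dropped capabilities": "ALL" in cap_drop and not host.get("CapAdd"),
        "no-new-privileges": _no_new_privs(host.get("SecurityOpt") or []),
        # Non-positive or null values are treated as "no limit".
        "pid limit": (host.get("PidsLimit") or 0) > 0,
        "memory limit": (host.get("Memory") or 0) > 0,
    }
    return [name for name, ok in checks.items() if not ok]


if __name__ == "__main__":
    for label, sample in (("hardened", HARDENED), ("weakened", WEAKENED)):
        print(label, audit_container(sample) or "ok")
```

A clean result only covers the container's own settings; it says nothing about the Docker daemon or host, which the scope statement above calls out separately.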