Security

Security Policy

LanLens is currently maintained on the latest release line.

Please do not open public GitHub issues for security vulnerabilities.

If you find a vulnerability in LanLens, please report it responsibly and include as much detail as possible:

Use GitHub Security Advisories / private vulnerability reporting for this repository if available.

If private reporting is not available, contact the maintainer directly through a private channel instead of posting details publicly.

After a valid report is received:

the issue will be reviewed as quickly as possible
impact and severity will be assessed
a fix or mitigation plan will be prepared when confirmed
public disclosure should wait until affected users have a reasonable chance to update

Please report issues such as:

authentication or authorization bypass
privilege escalation
remote code execution
command injection
SQL injection
SSRF
insecure default configuration with real security impact
secrets exposure
vulnerabilities in scan, credential, notification, or admin-related functionality

The following usually do not count as reportable vulnerabilities unless they lead to real security impact:

Please avoid including real passwords, tokens, private keys, or production secrets in reports.

If redaction is possible, prefer redacted examples.

If a security fix is released:

update to the latest supported version as soon as practical
review release notes carefully
back up your instance before updating, especially when database-related changes are involved