| Version | Supported |
|---|---|
| 2.x | ✅ |
| < 2.0 | ❌ |
If you discover a security vulnerability in PhpCodeArcheology, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, please send an email to hello@marcuskober.de with:
- A description of the vulnerability
- Steps to reproduce the issue
- Any potential impact you have identified
- Acknowledgement: Within 14 days of your report
- Status update: Within 30 days, we will provide an initial assessment
- Resolution: We aim to address confirmed vulnerabilities within 90 days, depending on severity and complexity
This is an open-source project maintained in spare time, so response times may vary. We appreciate your patience and your help in keeping PhpCodeArcheology secure.
As a static analysis tool that runs locally, the primary security concerns are:
- Code injection through crafted PHP files being analyzed
- Vulnerabilities in dependencies
- Information disclosure through generated reports
We appreciate responsible disclosure and will credit reporters in the release notes (unless you prefer to remain anonymous).