
Security: SnarpleDev/Snazzle

SECURITY.md

Security Policy

Supported Versions

The current new draft for version support (made by me, @dynamixbot) is to support the latest app version and web version (without getting in financial trouble). Old versions will be supported until the majority of users (85% of active users) migrate to the new version. After that, the old version will be deprecated and will not work at all. Internal minor updates to the app or webapp will be applied automatically during launch. Major updates to the app will require a fresh install of the new version and will be available only on new versions. Experimental versions will be deprecated immediately after a stable release. Any damage to or failure of property, or anything else, is not the liability of Snazzle, Snarple or any affiliates.

Reporting a Vulnerability

Please do not report vulnerabilities in public GitHub issues.

Instead, report vulnerabilities through the GitHub security panel: go into advisories, where you can report a vulnerability. If you want to report a vulnerability anonymously, send an email to our team. If possible, encrypt the message with our sensitive information key before sending it to us. You will receive a response from our team within 24 hours. If for some reason you do not receive a response, please follow up via email and we will check your reported issue.

If you are sending issues via email, please write them in the following format. GitHub reports have this format built in.

  • Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, empty security script)
  • Level of issue (level 1 to level 4, with level 1 being low harm and level 4 being server shutdown to fix the issue)
  • Location of bugged code and full path(s) of source files related to demonstration of issue
  • Special configurations related to issue
  • Step-by-step instructions to replicate the issue
  • Exploit code (if possible)
  • Impact of issue (also explaining how a hacker with malicious intent might use the exploit)

All of this information will help us to prioritize your issue accordingly.

Preferred Languages

It is recommended that you report vulnerabilities in English, or use a translator from your language to English.
