Skip to content

Security: lynicis/actup

Security

SECURITY.md

Security Policy

We take the security of actup seriously. This document outlines our policy and procedures for reporting security vulnerabilities.

Supported Versions

Currently, we actively support and patch security issues in the following versions of actup:

Version Supported
>= 1.0.x ✅ Yes
< 1.0.0 ❌ No

Please upgrade to the latest stable release to ensure you have the latest security patches and bug fixes.

Reporting a Vulnerability

If you discover a security vulnerability in actup, please do not open a public issue. Publicly disclosing a vulnerability can expose users to risk before a patch is available.

Instead, please report security issues privately:

  1. Email: Send a detailed email to lynicis@protonmail.com.
  2. Details: In your report, please include:
    • A clear description of the vulnerability and its potential impact.
    • Detailed steps to reproduce the issue (including any sample configuration files or workflows).
    • Any tools or scripts needed to demonstrate the exploit.
    • Your contact details for follow-up and attribution.

Our Security Response Process

Once we receive a vulnerability report, we will:

  1. Acknowledge: Acknowledge receipt of your report within 48 hours.
  2. Assess: Investigate and verify the vulnerability. We may contact you for clarification or additional information.
  3. Patch: Develop a fix or mitigation. We aim to address confirmed vulnerabilities within 14 days of receipt.
  4. Publish: Release a patched version of actup and document the security advisory in the release notes.
  5. Credit: Attribute the discovery to you in our release notes (unless you request to remain anonymous).

Thank you for helping keep actup and its users safe!

There aren't any published security advisories