Click/tap here to expand/collapse this section
This project is still in its early stages, and none of the versions are currently supported for security, as the program is not fully functional yet, and has not been tested fully.
For general security vulnerabilities, use the security label and start your issue title with [SECURITY]. Remember to not publicly post critical/zero day vulnerabilities, see more on this below.
Click/tap here to expand/collapse this section
| Version | Supported? | Support status |
|---|---|---|
| v2021.10.24 (nightly) | ❌ | Old version, not supported |
| v2021.10.25 (nightly) | ✅ | Current version, supported |
| > v2021.10.25 (nightly) & > 2021 October 24th | ✅ | Current version set, supported |
| v???? | ❌ | NOT YET RELEASED |
Click/tap here to expand/collapse this section
DO NOT REPORT A ZERO DAY VULNERABILITY PUBLICLY!
Please instead direct message me via GitHub. If there is no response within 90 days, you can post the vulnerability as an issue, as part of the standard 0 day security exploit reporting guidelines.
If a vulnerability is caused by an outdated dependancy, you can report it publicly, as it usually isn't that much of a problem.
Click/tap here to expand/collapse this section
Dependency problems aren't very bad. This project uses 7 different languages:
-
JSON
-
JavaScript
-
Python
-
QML
-
Vala
-
C#
-
Shell (BASH)
You can still report dependency problems, but dependencies usually won't be updated unless they get too old (5+ years before the most recent release) or they aren't common enough to download anymore. The current dependencies this project has include:
-
JSON ? (the program will work with any stable version of JSON)
-
JavaScript 1.8 (although the program will still run with any version of JavaScript prior to 1.8)
-
Python 3.7.2 (although the program will still run with any version of Python prior to Python 3.0)
-
QML 1.0 (although the program will still run with any version of QML prior to 1.0, and it can be bumped up if needed)
-
- QTQuick 2.2 (for QML rendering, although it can be bumped up if needed)
-
Vala 0.40 (although the program will still run with newer versions of Vala, including the latest version (as of 2021 Wednesday October 27th) which is 0.52.4
-
C# 5.0 (although the program will still run with any version of C# prior to 4.0, and it can also be bumped up if needed)
-
BASH shell 5.0 (althouh the program will still run with any version of BASH shell from 3.0 or higher, and it can also be bumped up if needed)
Click/tap here to expand/collapse this section
Other security info currently isn't available. If there are any further questions, @ me privately on GitHub. @seanpm2001
Click/tap here to expand/collapse this section
File type: Markdown document (*.md *.mkd *.mdown *.markdown)
File purpose: Lying out the security policy for this project.
File version: 1 (2021, Wednesday, October 27th at 4:29 pm)
File language: English (US)
Line count (including blank lines and compiler line): 148
All times are UTC-7 (PDT/Pacific Time)
You may need special rendering support for the <dropdown> HTML tag being used in this document
Encoding: UTF-8 (with no non-US-ASCII characters)
Click/tap here to expand/collapse the history for this file
Version 1 (2021, Wednesday, October 27th at 4:29 pm)
Changes:
- Started the file
- Added the supported versions section
- Added the version history section
- Added the reporting a vulnerability section
- Added the file info section
- Added the file history section
- No other changes in version 1
Version 2 (Coming soon)
Changes:
- Coming soon
- No other changes in version 2