
Security: sec-gp/CIPP


Security Policy

Supported Versions

The current release is the only "supported version" and should not have any security bugs. However, if you find a security issue in an older release, feel free to report it as well in case of regression. We'd rather know we made a mistake at one point in time and avoid that in the future.

Reporting a Vulnerability

Reporting a vulnerability is best done by emailing [security@cyberdrain.com](mailto:security@cyberdrain.com?subject=CIPP%20Security%20Issue), but you can also message an admin directly on the CyberDrain Discord. All relevant contributors will be alerted and can discuss the issue in private and address it if appropriate. This helps make the fix available as soon as possible without endangering other users of the product.

We will publicly release any security report after the resolution, including all communications. If you would rather have only the bug report public, please let us know in the report.

Notifications and security advisories

We report any security notification via the GitHub notification and advisory system. Sponsors that are hosted will also receive a notification in case a major bug has been found.

Bounties and Rewards

This project is an open-source sponsorware effort, which makes it hard to create a monetary reward without breaking the bank very quickly. For critical-level bugs that cause RCE, API data leaks, etc., I will award a 50 dollar reward. For other bugs, I may be able to reward with some swag such as an official CyberDrain T-shirt or hoodie :)
