We take security of T-Pot very seriously. If one of T-Pot's components is affected, it is most likely that a upstream component we rely on is involved, such as a honeypot, docker image, tool or package. Together we will find the best possible way to remedy the situation.

Before you submit a possible vulnerability, please ensure you have done the following:

1. You have checked the documentation, issues and discussions if the detected behavior is typical and does not revolve around other issues. I.e. Cowrie will be detected with outgoing conncection requests or T-Pot opening all possible TCP ports which Honeytrap enabled install flavors will do as a feature.
2. You have identified the vulnerable component and isolated your finding (honeypot, docker image, tool, package, etc.).
3. You have a detailed description including log files, possibly debug files, with all steps necessary for us to reproduce / trigger the behaviour or vulnerability. At best you already have a possible solution, hotfix, fix or patch to remedy the situation and want to submit a PR.
4. You have checked if the possible vulnerability is known upstream. If a fix / patch is already available, please provide the necessary info.

We will get back to you as fast as possible. In case you think this is an emergency for the whole T-Pot community feel free to speed things up by responsibly informing our CERT.