DO NOT report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities via email to: [email protected]
Include the following in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested fix (if available)
We will respond within 24 hours and provide regular updates on our progress.
We provide security updates for the following versions:
| Version | Supported |
|---|---|
| Latest | ✅ |
| < 1.0 | ❌ |
For production deployments, please follow our Security Guide which covers:
- Network security configuration
- Authentication and authorization
- Container security hardening
- Monitoring and auditing
- Incident response procedures
GlinrDock includes several built-in security features:
- Mandatory authentication for all API endpoints
- Input validation and sanitization
- Audit logging
- Rate limiting
- CSRF protection
- Secure defaults

Our process for handling a report:
- Report received: We acknowledge receipt within 24 hours
- Initial triage: Assessment completed within 3 business days
- Investigation: Ongoing updates provided weekly
- Resolution: Timeline varies by severity (24h - 30 days)
- Disclosure: Public disclosure after fix is available
We recognize security researchers who responsibly disclose vulnerabilities:
- Public acknowledgment (with permission)
- Security hall of fame
- Early access to new features
Thank you for helping keep GlinrDock secure!