We actively support the following versions of precise-time-ntp with security updates:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
We take security vulnerabilities seriously. If you discover a security vulnerability in precise-time-ntp, please report it responsibly.
- DO NOT create a public GitHub issue for security vulnerabilities
- Email us directly at: [precise-time-ntp.broiling732@aleeas.com]
- Include as much information as possible:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if available)
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Initial Assessment: We will provide an initial assessment within 5 business days
- Updates: We will keep you informed of our progress
- Resolution: We aim to resolve critical vulnerabilities within 30 days
We follow responsible disclosure practices:
- We will work with you to understand and resolve the issue
- We will not take legal action against researchers who:
- Follow this disclosure process
- Act in good faith
- Do not access or modify user data
- Do not perform actions that could harm our users
When using precise-time-ntp:
- Always use the latest version
- Validate all inputs in your application
- Use secure transport (HTTPS/WSS) for WebSocket connections
- Monitor for unusual NTP traffic patterns
- Implement rate limiting for time synchronization requests
We will acknowledge security researchers who responsibly disclose vulnerabilities (unless they prefer to remain anonymous).