We release patches for security vulnerabilities. Currently supported versions:
| Version | Supported |
|---|---|
| Latest | ✅ |
| < Latest | ❌ |
We take the security of Smodr seriously. If you believe you have found a security vulnerability, please report it to us as described below.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them via email to the project maintainer or through GitHub's private vulnerability reporting feature:
- Navigate to the repository's Security tab
- Click "Report a vulnerability"
- Fill out the form with details about the vulnerability
Alternatively, you can email security concerns directly to the repository owner.
Please include the following information in your report:
- Type of vulnerability
- Full paths of source file(s) related to the vulnerability
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it
- We will acknowledge receipt of your vulnerability report within 48 hours
- We will provide a more detailed response within 7 days indicating the next steps
- We will keep you informed about the progress towards a fix and full announcement
- We may ask for additional information or guidance
- We request that you give us a reasonable amount of time to fix the vulnerability before public disclosure
- Once a fix is available, we will release a security advisory
- We appreciate your cooperation in making Smodr secure for everyone
- The security issue is received and assigned to a handler
- The problem is confirmed and affected versions are determined
- Code is audited to find any similar problems
- Fixes are prepared for all supported releases
- Security advisory is published
If you have suggestions on how this process could be improved, please submit a pull request.