The following Security Policy of OctoPrint-Telegram is based on the Security Policy of OctoPrint, which can be found here.
If you think that you have found a security vulnerability and are confident that the issue concerns OctoPrint-Telegram (not OctoPrint or Telegram themselves), please disclose it to us via a GitHub Security Advisory.
- If it affects Telegram, report it via Telegram’s Bug Bounty program.
- If it affects OctoPrint, follow the official OctoPrint Security Policy.
We are mostly interested in reports by actual OctoPrint-Telegram users who are familiar with the plugin and the OctoPrint context, but all high-quality contributions are welcome. Please do your best to describe a clear and realistic impact for your report.
For the sake of OctoPrint-Telegram’s user base, please allow us at least 90 days to release a fixed version before any public disclosure.
We only accept reports against the latest release of OctoPrint-Telegram, which can be found here.
We do not accept reports against forks of OctoPrint-Telegram.
We will publish GitHub Security Advisories.
We will not request CVEs, as the scope and distribution of this plugin do not warrant CVE assignment.
Since OctoPrint-Telegram is a free, open-source project, we are unable to offer monetary bounties for security vulnerabilities.
However, we are committed to crediting security researchers in commits and release notes.
OctoPrint-Telegram is an independent project and is not affiliated with, endorsed by, or in any way officially connected to Telegram FZ-LLC.
"Telegram" is a trademark of Telegram FZ-LLC.