The following table shows which versions of Trakrlog are currently supported with security updates.
| Version | Supported |
|---|---|
| Latest (main branch) | ✅ |
| Previous releases | |
| Pre-release / dev builds | ❌ |
If you discover a security vulnerability in Trakrlog, please do not open a public GitHub issue.
Instead, report it privately so we can review and fix it responsibly.
Please contact us on [email protected] including:
- A detailed description of the issue
- Steps to reproduce
- Any proof-of-concept code or screenshots (if applicable)
- Suggested fixes (optional)
We aim to acknowledge all reports as fast as possible.
Once a vulnerability is confirmed:
- We will privately discuss and patch the issue.
- A security release or patch version will be published.
- Public disclosure will be made only after the fix is available.
If you find an issue but are unsure whether it’s a security concern, please report it anyway — we’ll handle it appropriately.
If you self-host Trakrlog:
- Always use the latest stable version.
- Run behind HTTPS with valid certificates.
- Set strong API keys and keep them secret.
- Limit access to admin endpoints and dashboards.
- Regularly back up your database and configuration.
We strongly support responsible disclosure.
Please give us adequate time to fix the issue before making it public.
Thank you for helping make Trakrlog safer for everyone. 💙