We provide security updates for the latest major release of Shugur Relay.

| Version | Supported |
|---|---|
| Latest | ✅ |
| < 1.0 | ❌ |

The Shugur Relay team takes all security vulnerabilities seriously. Thank you for improving the security of our project. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
To report a security vulnerability, please use one of the following methods:
- GitHub Security Advisories (preferred): Use the Security tab on our repository
- Email: Send details to security@shugur.com
You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
Please include the following information in your report:
- A description of the vulnerability and its impact
- Steps to reproduce the vulnerability
- Any proof-of-concept code (if applicable)
- Your name and contact information (if you'd like to be credited)
- Any additional context that might be helpful
- Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours
- Investigation: Our team will investigate and assess the severity of the issue
- Communication: We will keep you informed of our progress throughout the process
- Resolution: We will work to resolve the issue as quickly as possible
- Disclosure: We will coordinate with you on the timing of public disclosure
- Private Disclosure: Please do not disclose the vulnerability publicly until we have had a chance to address it
- Coordinated Release: We will coordinate with you on the release of a patch and a public advisory
- Timeline: We aim to release a patch within 90 days of receiving a report
- Credit: We will credit you in the release notes and security advisory unless you prefer to remain anonymous
When deploying Shugur Relay, consider these security recommendations:
- Keep your installation up to date with the latest releases
- Use TLS/SSL encryption for all connections
- Implement proper network security and firewall rules
- Regularly monitor your relay for suspicious activity
- Follow the principle of least privilege for system access
If you have any suggestions for how this policy could be improved, please submit a pull request.