We take security issues seriously. If you discover a security vulnerability in Plakar, we encourage you to report it responsibly to help us ensure the safety and security of our users.
If you have identified a potential security vulnerability or issue, please report it through the following process:
-
Send an Email
Email us at security@plakar.io with a detailed description of the issue, including:- Steps to reproduce the vulnerability.
- Potential impact or severity of the vulnerability.
- Any other information that might help us understand the nature of the issue.
-
Use an Encrypted Channel
If your disclosure includes sensitive information, we recommend encrypting your email using our PGP key, available here. -
Give Us Time
Please give us a reasonable amount of time to respond and address the issue before disclosing it publicly. We typically respond within 5 business days.
Once you have reported a vulnerability:
-
Acknowledgment
We will acknowledge receipt of your report and assign a contact person for any further communication. -
Investigation
Our security team will investigate and verify the issue. We may reach out to you for additional information or clarification. -
Resolution
After verification, we will work on resolving the issue as quickly as possible. You will be notified once a fix is available or when further actions are required. -
Disclosure
Once the issue has been resolved, we will publicly disclose the details of the vulnerability and credit you for the discovery if you wish to be recognized.
Only the latest stable release of Plakar is officially supported for security updates. If you discover a vulnerability in an older version, please consider upgrading to the latest version before reporting.
| Version | Supported |
|---|---|
| Latest | ✅ |
| Older | ❌ |
To ensure the security of your Plakar deployment:
- Always keep Plakar up-to-date with the latest stable releases.
- Regularly review and update dependencies to minimize exposure to known vulnerabilities.
- Follow the Plakar Documentation for recommended deployment and security configurations.
- We prefer responsible disclosure and will work with security researchers to address reported issues.
- We will strive to resolve issues in a timely manner and will communicate progress with the reporter throughout the process.
- Public disclosure of the vulnerability details will be made only after a fix has been released.
If you have any questions about this security policy, or need additional assistance, please reach out at security@plakar.io.
Thank you for helping us keep Plakar secure and trustworthy!