The following versions of DebFresh are currently supported with security updates:
| Version | Supported | Status |
|---|---|---|
| 1.x.x | Yes | Active Development |
| 0.x.x | No | End of Life |
All security reports and changes require explicit approval from the project maintainer before any action is taken.
Please Note: I maintain this project alongside my full-time job. While I strive to respond quickly, there may be delays of up to one week during busy periods. I appreciate your patience and understanding.
DO NOT create a public GitHub issue for security vulnerabilities.
Please report security issues by:
- Creating a Private Security Advisory in this repository
- OR Email: [email protected]
- Include in your report:
  - DebFresh version affected
  - Detailed vulnerability description
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- Report received via private channel
- Maintainer approval required to proceed
- Acknowledgment within 3-7 days (depending on work schedule)
- Vulnerability verified by maintainer
- Explicit maintainer approval required for all actions
- Assessment completed within 5-10 business days
- Patch development (requires maintainer approval)
- Internal testing and validation
- All code changes must be approved by maintainer
- Security update released
- Public disclosure after patch availability
- Credit to reporter (unless anonymous)
- All security-related code changes
- Vulnerability disclosures
- Security patch releases
- Third-party security contributions
- Changes to this security policy
- Initial Response: 3-7 days (may vary due to work commitments)
- Assessment Completion: 5-10 business days
- Patch Development: 7-14 days (depending on complexity)
- Remote code execution vulnerabilities
- Privilege escalation issues
- Authentication/authorization bypasses
- Data leakage/exposure
- Script injection vulnerabilities
- Feature requests
- Non-security related bugs
- Design changes
- Performance optimizations
We appreciate responsible disclosure:
- Test against your own systems
- Respect our response timeline
- Keep vulnerability details confidential
- Allow time for patches to be developed
- Understand I maintain this project in my spare time
- Access or modify user data without permission
- Perform DoS or DDoS attacks
- Disclose vulnerabilities before approval
- Expect immediate responses during business hours
Primary Security Contact:
- Create a Private Security Advisory in this repository
- OR Email: [email protected]
Response Time: 3-7 days (may vary due to work schedule)
Note: This project follows a maintainer-approval-required model. No security actions will be taken without explicit maintainer approval.
Thank you for your patience and for helping keep DebFresh and its users safe!