Skip to content

Security: MercuryWorkshop/anuraOS

SECURITY.md

Security Policy

Supported Versions

Version Supported
2.0.0 (Idol)
1.2.1
1.2.0 (Whalefall)
1.1.1
1.1.0
1.0.0 (Lag Train)

Reporting a Vulnerability

In the case that you somehow manage to find a vulnerability in Anura please create a GitHub security advisory.

REMEMBER: Please DO NOT report vulnerabilities in the repository Issues tab.

What You Should Report

If you are wondering what counts as a vulnerability, heres a good list:

  • XSS in the Anura URL
  • The ability to execute arbitrary code on the server hosting Anura (not in Anura itself, as this is an intended feature)
  • The ability to crash Anura (As in for everyone, not just your browser session)

There aren’t any published security advisories