SECURITY.md

Security Policy

Supported Versions

I am dedicated to ensuring the security of DDNS Updater. To achieve this, I follow the Calendar Versioning (CalVer) scheme, where revisions are in the format "yy/week of year/revision". I will only support the latest revision of each of the last three calendar weeks. Explanatory diagram:

Version Supported
2023.30.2
2023.30.1
2023.29.2
2023.28.4
Older

Reporting a Vulnerability

I take the security of this project very seriously. If you discover a security vulnerability, I appreciate your responsible disclosure. To report a vulnerability, please follow these steps:

  1. Email: Send an email to info@plaenker.com with all the details regarding the vulnerability.
  2. Subject: Use "[DDNS Updater Vulnerability Report]" as the subject line to help me prioritize and identify your report.
  3. Vulnerability Details: Please provide a clear and detailed description of the vulnerability, along with the potential impact it may have.
  4. Reproducibility: If possible, include step-by-step instructions to reproduce the vulnerability.
  5. Versions Affected: Specify which versions of the project are affected by the vulnerability.
  6. Your Contact: Include your name, email address, and any other contact information you wish to share.

Response and Resolution

Once I receive the vulnerability report, I will acknowledge its receipt within 72 hours. I will conduct an initial review to validate the vulnerability and determine its severity.

If the vulnerability is accepted:

  • Fixing Process: I will prioritize developing a patch for the vulnerability.
  • Release Timeline: The patch will be included in the next available release within a reasonable timeframe. Please note that the release cycle might vary, but I will prioritize security fixes.
  • Credit: If you desire, I will acknowledge your contribution and give you credit for responsibly reporting the vulnerability.

If the vulnerability is declined:

  • Reasoning: I will provide a reason for the rejection and explain why the reported issue does not qualify as a security vulnerability.

Security Updates

To ensure the security of DDNS Updater, it is crucial that all users update to the latest supported version promptly. Users of older versions that are no longer supported are strongly recommended to upgrade to a supported version to stay protected against potential security threats.

Thank you for helping me make DDNS Updater more secure. Your cooperation and responsible disclosure are essential to maintaining the integrity and trustworthiness of this project.

Please note that this security policy is subject to change over time, so it is advisable to check this document periodically for any updates.

Last Updated: July 31, 2023.