We currently provide security fixes for:
| Version | Supported |
|---|---|
| Latest release | ✅ |
main branch |
✅ |
| Older releases |
Please do not report security vulnerabilities through public GitHub issues.
Preferred method:
- Use GitHub's private vulnerability reporting (Security Advisory) for this repository.
- Include:
- affected version(s)
- impact and attack scenario
- clear reproduction steps
- suggested fix (if available)
If you cannot use private reporting, send us an email on: csf@black.host
Our target process is:
- Acknowledge report within 72 hours
- Confirm severity and impact
- Prepare and test a fix
- Coordinate responsible disclosure timing with reporter
This policy applies to:
- Source code in this repository
- Installation/update scripts shipped from this repository
- Official release artifacts produced from this repository
We appreciate responsible disclosure. If you act in good faith, avoid data destruction, and do not violate user privacy, we will treat your report as authorized security research.