14. Security Policy

14.1. Supported Versions

Only the most recent version is supported; however, we are still interested in learning about security vulnerabilities in previous versions.

14.2. Reporting a Vulnerability

14.2.1. Vulnerabilities affecting the Krptn module

If your vulnerability affects the code that is installed on people's devices when they run pip install krptn, please fill out this form.

We also welcome reports of vulnerabilities with no existing exploits. That means, for example, use of an insecure cipher that cannot be directly exploited but is better fixed.

14.2.2. Other vulnerabilities

If your vulnerability does not concern the Python package (e.g. an XSS vulnerability on our website), please follow the instructions below.

Email security vulnerabilities to security@krptn.dev.

Please make sure the following information is clearly stated:

  • What components are affected?

  • PoC, if any (please see our notice below)

  • Recommendations on fixes, if any

We also welcome reports of vulnerabilities with no existing exploits. That means, for example, use of an insecure cipher that cannot be directly exploited but is better fixed.

14.3. Vulnerability Publishing

Any published vulnerabilities will be available under the Security tab of the affected GitHub repositories. To view them, click on the tab and select Advisories under the Reporting section.

Important vulnerabilities will also appear under our news on our homepage.