14. Security Policy
14.1. Supported Versions
Only the most recent version is supported; however, we are still interested in learning about security vulnerabilities in previous versions.
14.2. Reporting a Vulnerability
14.2.1. Vulnerabilities affecting the Krptn module
If your vulnerability affects the code that is installed on people's devices when they pip install krptn, please fill out this form.
We also welcome vulnerabilities with no existing exploits. That means, for example, the use of an insecure cipher that cannot be directly exploited but is better fixed.
14.2.2. Other vulnerabilities
If your vulnerability is unrelated to the Python package (e.g., an XSS vulnerability on our website), please follow the instructions below.
Email security vulnerabilities to security@krptn.dev.
Please make sure the following information is clearly stated:
What components are affected?
PoC, if any (please see our notice below)
Recommendations on fixes, if any
We also welcome vulnerabilities with no existing exploits. That means, for example, the use of an insecure cipher that cannot be directly exploited but is better fixed.
14.3. Vulnerability Publishing
Any published vulnerabilities will be available under the Security tab of affected GitHub repositories. To view them, click on the tab and select advisories under the reporting section.
Important vulnerabilities will also appear under our news on our homepage.