The security of our users, contributors and systems is important to us.
If you believe you have discovered a security vulnerability in any TuxOps project, please report it responsibly.
- Open a public GitHub issue.
- Disclose the vulnerability publicly before it has been reviewed.
- Share exploit details publicly.
Please contact us privately with:
- A description of the issue
- Steps to reproduce
- Potential impact
- Any suggested mitigations
We will acknowledge receipt of your report as soon as reasonably possible and investigate accordingly.
We kindly ask researchers and contributors to provide us with reasonable time to investigate and address vulnerabilities before any public disclosure.
We appreciate responsible security research and will always act in good faith toward individuals who report issues responsibly.
This policy applies to repositories owned by the TuxOps organization unless otherwise specified.
Security reports submitted through public issues, pull requests or discussions may be removed to protect users and systems.