Security: redbox-mint/redbox-portal

SECURITY.md

Security Policy

Supported Versions

Security updates are provided for the following versions of our project. If your version is not listed below, we encourage you to upgrade to a supported version to ensure you receive updates for security vulnerabilities.

Version Supported
3.x
2.5
< 2.5

Reporting a Vulnerability

We take the security of our project very seriously. If you believe you have found a security vulnerability, please report it to us as described below. We welcome reports from everyone, including security researchers, developers, and our user community.

Where to Report

  • GitHub Issues: For vulnerabilities that are not sensitive in nature, you can open an issue in our GitHub repository. Please use the "Security Vulnerability" template.
  • Email: Please send an email to [email protected]. Please encrypt your email if you can.

What to Include

Your report should include:

  • A clear description of the issue, including how it can be reproduced.
  • Any relevant versions or configurations.
  • If possible, a proof-of-concept or an explanation of the potential impact of the vulnerability.

Response Expectations

After reporting a vulnerability, you can expect the following process:

  • Acknowledgment: We aim to acknowledge receipt of your report within 2 business days.
  • Communication: We will keep you informed of our progress as we investigate your report, usually within one week.
  • Resolution: We strive to resolve reported vulnerabilities as quickly as possible. The time to resolution depends on the complexity of the issue. Once resolved, we will notify you and may publicly acknowledge your contribution, unless you prefer to remain anonymous.

Policy Updates

This security policy may be updated from time to time. We encourage you to review it periodically.

Please use this policy responsibly. Do not exploit vulnerabilities beyond what is necessary to demonstrate their presence. Avoid data deletion, unauthorized data access, and service disruption when reporting.

There aren’t any published security advisories