We are currently looking for vulnerabilities in the following versions:

| Version | Supported |
|---|---|
| 0.4.0 | ✅ |
| 0.3.x | ✅ |
| 0.2.1 | ✅ |
| < 0.2.1 | ❌ |

To report a vulnerability, you can either email us at kolya@iktm.me or contact me on Discord: kolya5544#8163

In the title, specify the severity and a short summary of the impact.
Make sure to include the following in the body:

- Severity (you can use CVSS 3.x system)
- PoC, if there is one
- Steps for an attacker to reproduce
- Possible logs

We are currently looking for all types of vulnerabilities, except:

- Those that require local/physical access, or access to a console window.
- Those that do not affect the stability of a system, reveal private information, or give an attacker any sort of control.
- Those related to improper configuration by system administrators (unless the issue is in the default configuration).

Depending on severity, the vulnerability will be fixed within 1-5 days. Publication of vulnerability details or exploits is only allowed 7 days after release.

For all approved vulnerabilities, your nickname/name will be added to the changelog.