We take the security of your "booty" seriously. If you've found a way to scuttle our defenses, we want to know before the privateers do.
Only the latest rigging is fully supported with security updates.
| Version | Supported |
|---|---|
| v2.x (hardenctl) | ✅ |
| v1.x (scripts only) | ❌ |
If you discover a hole in the hull or a weakness in the rigging, please follow these steps to report it responsibly:
- Do NOT sound the public alarm. Opening a public issue alerts the scoundrels before we can patch the leak.
- Send a carrier pigeon (Email). Contact the maintainers directly with a detailed description of the vulnerability.
- Show us the map. Include clear steps to reproduce the issue so we can verify the weakness.
- Wait for the signal. We will acknowledge your report within 48 hours and work with you to secure the fortress.
We are committed to fixing security vulnerabilities as quickly as possible. We ask that you give us a reasonable amount of time to deploy a patch before you disclose the vulnerability to the public.
“May your code be clean and your treasure stay hidden.” 🦜🏴‍☠️