We actively support the latest version of ToolR. Security updates will be provided for:
| Version | Supported |
|---|---|
| Latest | ✅ |
| < Latest | ❌ |

We take security vulnerabilities seriously and appreciate your efforts to responsibly disclose any issues you may find.

If you discover a security vulnerability, please report it by:
- GitHub Security Advisory: Use GitHub's private vulnerability reporting feature that can be found here.

When reporting a vulnerability, please provide:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any suggested fixes or mitigations
- Your contact information for follow-up questions

We are committed to addressing security issues promptly:
- Initial Response: We will acknowledge receipt of your report within 48 hours
- Investigation: We will investigate and validate the vulnerability within 5 business days
- Resolution: Critical vulnerabilities will be patched within 30 days, other issues within 90 days
- Disclosure: We will coordinate with you on public disclosure timing after the fix is available

We follow responsible disclosure practices:
- Please allow us reasonable time to investigate and fix the vulnerability before public disclosure
- We will work with you to understand the scope and impact
- We will credit you for the discovery (unless you prefer to remain anonymous)
- We will publish security advisories for confirmed vulnerabilities

When using ToolR:
- Always use the latest version
- Review and validate any custom configurations
- Be cautious when processing untrusted input
- Follow the principle of least privilege when granting permissions

While we don't currently offer a formal bug bounty program, we deeply appreciate security researchers who help keep ToolR secure and will acknowledge your contributions.

For any security-related questions or concerns, please contact:
- Project Maintainer: Pedro Algarvio (@s0undt3ch)

Thank you for helping keep ToolR and its community secure!