If you discover a security vulnerability in KP Ruck, please report it responsibly through GitHub Security Advisories:
- Go to the Security Advisories page
- Click "New draft security advisory"
- Fill in the details of the vulnerability
- Submit the advisory

This ensures the report is private and only visible to repository maintainers until a fix is released.

- We will acknowledge your report within 48 hours
- We will provide an estimated timeline for a fix
- We will notify you when the vulnerability is resolved
- We will credit you in the release notes (unless you prefer to remain anonymous)

This policy applies to the latest version of KP Ruck on the main branch.

The following are out of scope:
- Vulnerabilities in third-party dependencies (please report these to the respective maintainers)
- Issues in demo/development environments
- Social engineering attacks

Please do not:
- Open a public GitHub issue for security vulnerabilities
- Share vulnerability details publicly before a fix is available