Skip to content

Security: brandontroidl/Internets

SECURITY.md

Security Policy

Supported

main and the latest tagged release. Older tags get nothing.

Reporting

Report privately through the repo Security tab, "Report a vulnerability" (GitHub private advisories). Not a public issue, PR, or IRC message.

Say which command or module, on which commit, how to reproduce it, and the impact you can actually show. Expect a reply in about a week.

Out of scope: the third-party APIs the bot calls, and a deployer's own setup (exposed metrics port, weak admin password, a leaked config.ini).

There aren't any published security advisories