Only the latest released minor version receives security fixes. Older tags are not patched.
Please do not open a public GitHub issue for security problems.
Report privately via GitHub's private vulnerability reporting on this repository, or email the maintainer at the address listed on the GitHub profile of @deveshctl.
Include:
- A short description of the issue and its impact.
- Steps to reproduce, or a minimal proof-of-concept image / archive / config.
- The layerx version (
layerx --version) and OS.
You should get an acknowledgement within 3 business days. We aim to ship a fix or mitigation within 30 days for high-severity issues; lower-severity issues may take longer.
In scope:
- Code execution, path traversal, or unbounded memory / disk use triggered by a crafted image, archive, or
.layerx.yaml. - Cache directory or extracted-file write paths escaping their intended root.
- Any way
layerx cican be made to exit0on an image that should fail its configured rules.
Out of scope:
- Vulnerabilities in Docker Engine, the Go toolchain, or third-party dependencies — report those upstream. We will pull in fixed versions.
- Issues that require an attacker to already control the host running layerx.
layerxreads tar entries with a hard 2 GiB-per-entry cap; a crafted size header cannot exhaust memory.- Cache writes use temp file + fsync + atomic rename; a partial write cannot leave a corrupted cache entry.
- File extraction (
xin the TUI) writes only into the current directory and validates paths before opening files.
If any of these guarantees are observably broken, that's a security bug — please report it.
Each tagged release publishes:
checksums.txt— SHA-256 of every archive, deb, and rpm.checksums.txt.sigstore.json— keyless cosign signature overchecksums.txt, packaged in Sigstore's bundle format (signature + signing certificate in one file). Identity is bound to this repository's release workflow via GitHub OIDC and recorded in Sigstore's public transparency log (Rekor).<archive>.sbom.json— SPDX 2.3 software bill of materials per archive, generated by syft.multiple.intoto.jsonl— SLSA Build Level 3 provenance attestation over the checksums file, produced byslsa-framework/slsa-github-generator's isolated builder.
The full verification recipe is in the README's "Verifying releases" section. At a minimum:
cosign verify-blob \
--bundle checksums.txt.sigstore.json \
--certificate-identity-regexp "^https://github.com/deveshctl/layerx/" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
checksums.txtA failed verification means the artifact was not produced by this repository's release workflow. Treat it as untrusted.