PlanOpticon
Security Policy
Reporting a Vulnerability
If you discover a security vulnerability in PlanOpticon, we ask that you report it responsibly. Please do not open a public GitHub issue for security vulnerabilities.
Instead, send an email to:
Include as much of the following information as possible:
- A description of the vulnerability and its potential impact
- Steps to reproduce the issue
- Any relevant logs, screenshots, or proof-of-concept code
- Your recommended fix, if you have one
What to Expect
- Acknowledgment: We will acknowledge receipt of your report within 2 business days.
- Assessment: We will investigate and assess the severity of the issue. We may reach out to you for additional details.
- Resolution: We will work on a fix and coordinate disclosure with you. We aim to resolve critical issues within 14 days.
- Credit: With your permission, we will credit you in the release notes for the fix.
Supported Versions
We provide security updates for the latest minor release of PlanOpticon. We recommend always running the most recent version.
| Version | Supported |
|---|---|
| Latest | Yes |
| Older | No |
Scope
This security policy covers the PlanOpticon application and its first-party code. Vulnerabilities in third-party dependencies should be reported to the respective upstream projects, though we appreciate being notified so we can update our dependencies promptly.
Thank You
We value the security research community and appreciate the effort that goes into finding and responsibly disclosing vulnerabilities. Thank you for helping keep PlanOpticon and its users safe.