Skip to content

Security: HypaStack/Hypastack-Open-Source

SECURITY.md

Security Policy

Supported Versions

I support the current stable version and the latest release of the previous major branch. Security patches are only backported to the supported versions listed below.

Version Supported
3.x.x Not out yet
2.x.x
1.x.x
< 1.0

Reporting a Vulnerability

The security of Hypastack and its users is my highest priority. If you discover a vulnerability or have a security concern, please contact me directly.

How to report a vulnerability?

  1. Communication Channel: Please send a detailed report to: usekiko@hypamail.me.
  2. Report Contents:
    • A clear description of the vulnerability (What is it? How does it impact the system?).
    • Steps to reproduce the issue (Proof of Concept).
    • The environment in which the vulnerability was identified.
  3. Response Time: I will endeavor to acknowledge receipt of your report within 72 hours.

What to expect?

  • Confidentiality: All reports are treated as strictly confidential. I do not disclose information about vulnerabilities until a fix has been developed and a patch is released.
  • Process: Upon receiving a report:
    • I will verify the vulnerability.
    • If the report is accepted, you will be updated on the progress of the fix.
    • Once the patch is released, your report will be closed, and you may be credited in our project contributors list (if desired).
  • Non-Disclosure Policy: Please do not exploit the discovered vulnerabilities in a harmful way and refrain from publicizing them before our official response.

Note: Hypastack does not currently operate a paid bug bounty program, but i deeply appreciate and acknowledge every contribution to improving our security.

There aren't any published security advisories