I support the current stable version and the latest release of the previous major branch. Security patches are only backported to the supported versions listed below.
| Version | Supported |
|---|---|
| 3.x.x | Not out yet |
| 2.x.x | ✅ |
| 1.x.x | ❌ |
| < 1.0 | ❌ |
The security of Hypastack and its users is my highest priority. If you discover a vulnerability or have a security concern, please contact me directly.
- Communication Channel: Please send a detailed report to:
usekiko@hypamail.me. - Report Contents:
- A clear description of the vulnerability (What is it? How does it impact the system?).
- Steps to reproduce the issue (Proof of Concept).
- The environment in which the vulnerability was identified.
- Response Time: I will endeavor to acknowledge receipt of your report within 72 hours.
- Confidentiality: All reports are treated as strictly confidential. I do not disclose information about vulnerabilities until a fix has been developed and a patch is released.
- Process: Upon receiving a report:
- I will verify the vulnerability.
- If the report is accepted, you will be updated on the progress of the fix.
- Once the patch is released, your report will be closed, and you may be credited in our project contributors list (if desired).
- Non-Disclosure Policy: Please do not exploit the discovered vulnerabilities in a harmful way and refrain from publicizing them before our official response.
Note: Hypastack does not currently operate a paid bug bounty program, but i deeply appreciate and acknowledge every contribution to improving our security.