Skip to content

Security: svengo/docker-tor

SECURITY.md

Security Policy

Supported versions

Only the current release, the latest tag, and the current stable Tor version (e.g., 0.4.8.11) are supported. See README.md for a list of currently supported tags. All other tags will not receive updates.

Report a vulnerability

Reporting Tor vulnerabilities

If you have found a vulnerability in Tor, please email security@torproject.org. See Tor’s bug-reporting guidelines for details.

Docker image vulnerability

If you discover a potential vulnerability in this Docker image, please submit it privately via the security report form.
See the GitHub documentation for details.

Other

Report vulnerabilities in third-party modules to the person or team maintaining the module.

Disclosure Policy

The issue will be published as a security advisory.

Update Policy

Security is a priority. I will update the supported tags as soon as a new Tor or Alpine release is available. Please give me three days to perform and test the update. I will also periodically rebuild the image to include updated Alpine packages with important security fixes.

Tools

To keep the docker image secure, several automated systems are in place:

  • Dependabot: Configured to automatically update dependencies (dependabot.yml).
  • GitHub Actions: A suite of workflows monitors for updates and performs checks:

There aren't any published security advisories