Security: orcmid/nfoTools

SECURITY.md

Security Policy Statement

1.1.0 2024-11-09T19:31Z
**2024-11-09 Status**: Software releases from the nfoTools project are intended primarily for use by software developers and are provided as open source, available for inspection and understanding by developers. Some materials are intended to support novices and those wanting to dig deeper into software development.

While there is generally no code that would be installed for end-users, there are potential "supply-chain" risks that might emerge with the use of an nfoTool dependency in downstream development.

Although there are no such cases at this time, these security provisions are in place as a precaution against eventualities where threat surface exposures might arise.

Supported Versions

Most considerations of errors and defects can be handled using the project Issues and Discussion topics. As a safe practice, there is also security-reporting support for currently-released nfoTools.

Version Supported
VCrayApp 0.1.0-beta

Finding nfoTools Vulnerability Announcements

Public vulnerability announcements confirm vulnerabilities, reporting their nature, their mitigation, and any actions required by those who may be employing vulnerable software versions. Occasionally, a vulnerability announcement can explain why a particular situation does not qualify as a vulnerability.

Find already-issued public vulnerability announcements, if any, for the nfoTools project/repository at nfoTools advisories.

Reporting an nfoTools Vulnerability

See the orcmid.github.io Security Sandbox for a walk-through of what to expect, how to kick off a vulnerability report, and an alternative reporting option.

Securely report an exploitable vulnerability or exposed threat-surface specific to nfoTools using the vulnerability reporting provision of the nfoTools Project Security tab.

Exclusion of Forked/Cloned Projects

For independent releases of a fork-/clone-based project, it must be clear that there is no support commitment from the nfoTools Project and that the Security Policy does not extend to the fork/clone.

created 2024-09-04 by orcmid

There aren’t any published security advisories