We provide security updates for specific maintained versions of SecSuite. If your version is not listed below, it is no longer supported and may not receive security fixes.

| Version | Supported |
|---|---|
| main | ✅ |
| 1.x | ❌ |

If you discover a potential security vulnerability in SecSuite, please report it privately to our security team so we can investigate and coordinate a fix before public disclosure.
Preferred reporting methods:
- Email: deleterious420@gmail.com
- GitHub: Open a private security advisory in this repository
When reporting, please include:
- A clear and concise description of the vulnerability.
- Steps to reproduce the issue (proof-of-concept) or a small test case.
- Impact assessment (what an attacker could do).
- Any mitigations you've tried or temporary workarounds.
- Your contact information for follow-up.
We will acknowledge receipt within 3 business days and provide a status update within 7 calendar days. If the report requires more time, we'll provide periodic updates until resolved.
- Triage: We'll verify the report and determine severity.
- Fix: We'll create a fix branch and include tests where appropriate.
- Coordinated Disclosure: We'll work with you to coordinate a disclosure timeline and release a patched version.
- Public Advisory: After release, we'll publish details of the vulnerability and the fix in a public advisory.
We ask that reporters do not publicly disclose vulnerabilities until a fix is released or we agree on a disclosure timeline.
If you believe the vulnerability is being actively exploited or poses an immediate threat, indicate this in your report and we will prioritize accordingly.
Thank you for helping us keep SecSuite secure. We appreciate responsible disclosure and will credit reporters who request acknowledgment.