Skip to content

Security: abreu0x/isapi-cli

Security

SECURITY.md

Security Policy

Supported versions

This is a portfolio project. Security fixes are applied to the latest tagged release and main only. Older tags are not maintained.

Version Supported
latest release
main
older tags

Reporting a vulnerability

Please report vulnerabilities privately via GitHub's Private vulnerability reporting: open the repository's Security tab → Report a vulnerability.

Please do not open a public issue for a suspected vulnerability.

When reporting, include where practical:

  • affected version / commit,
  • a minimal reproduction or proof of concept,
  • the impact you observed.

Response expectations

This is maintained on a best-effort basis by a single author. Expect an initial acknowledgement within a few days. There is no paid bug-bounty program.

Scope

In scope: code in this repository.

Out of scope: third-party dependencies (report those upstream; runtime CVEs in dependencies are tracked here via scheduled pip-audit and Dependabot), and issues that require physical access to hardware the project talks to.


Repositories that intentionally expose services to hostile traffic (e.g. a honeypot) ship an expanded SECURITY.md covering kill-switch, data retention, and PII-anonymization on top of this default. See that repo's own policy.

There aren't any published security advisories