The following versions of Calagopus panel are currently receiving security updates:
| Version | Supported |
|---|---|
| 1.0.x | ✅ Yes |
| < 1.0.0 | ❌ No |
Note: If a reported vulnerability cannot be reproduced on the oldest supported version, it may not be considered valid. However, depending on the nature and impact of the issue, we may still publish a security advisory to inform users of older versions.
We take the security of this project seriously. If you believe you have found a security vulnerability, do not report it through a public GitHub issue or on Discord.
Please report vulnerabilities using one of the following methods:
- GitHub Private Vulnerability Reporting: Use the Security Advisories tab in this repository.
- Email: Send details to
security@calagopus.com. If the report contains sensitive information, please encrypt it using our PGP key.
Please include as much of the following information as possible to help us understand and reproduce the issue:
- Type of vulnerability
- Step-by-step instructions to reproduce the issue
- Proof-of-concept (if available)
- Your views on potential impact
We kindly ask that you:
- Give us a reasonable amount of time to address the issue before public disclosure.
- Avoid accessing or modifying data that does not belong to you.
- Act in good faith and avoid actions that could harm the project or its users.
If you want to use encrypted communication, you should use our GPG Key. For sanity reasons, this key is included in a separate repository (calagopus/branding SECURITY-PGP.md).