The following versions of StruLink are currently supported with security updates:

| Version | Supported |
|---|---|
| 2.2.x | ✅ |
| 2.1.x | ✅ |
| 2.0.x | ✅ |
| < 2.0 | ❌ |

We take the security of StruLink seriously. This library is designed for security testing and protection against URI-based attacks, so maintaining its integrity is our highest priority.
If you discover a security vulnerability within StruLink, please follow these steps:
- Do not disclose the vulnerability publicly until it has been addressed by our team
- Include detailed information about the vulnerability:
  - Description of the issue
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if available)

Click the Google Form link below to report a vulnerability.

Direct link to Google Form: https://forms.gle/VwP2mQHFR8VrrQp39

- Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours
- Verification: Our team will verify the issue and determine its impact
- Resolution Timeline: We aim to release a patch within 7-14 days, depending on severity
- Credit: With your permission, we will credit you in the release notes when the issue is fixed
When implementing StruLink in your applications, we recommend the following security practices:
- Always use the latest version to benefit from security patches and improvements
- Implement proper input validation in addition to using this library
- Configure WAF features appropriately for your specific use case
- Monitor logs for potential attack patterns detected by the library
- Regularly update your security rules and patterns
StruLink includes several security-focused features:
- Parameter analysis for common injection patterns (SQL injection, XSS, path traversal)
- WAF bypass detection with mixed encoding strategies
- Support for detecting various encoding techniques used in attacks
- Detailed URI validation with customizable rules
We follow responsible disclosure principles and expect the same from security researchers. We will not take legal action against researchers who follow responsible disclosure practices.
Thank you for helping keep StruLink secure!