| Version | Supported |
|---|---|
| 6.0.x | ✅ |
| < 6.0 | ❌ |

If you discover a security vulnerability in FREGONATOR, please report it via:

- GitHub Issues: Open an issue with the label `security`
- Email: dev@costa-da-morte.com

Please include in your report:

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

Response times:

- Initial response: 48 hours
- Fix timeline: Depends on severity (critical: 24h, high: 7 days, medium: 30 days)

FREGONATOR is designed with security in mind:
- 100% visible code: All PowerShell source code is readable
- No compiled binaries: Nothing hidden, nothing obfuscated
- No telemetry: Zero data collection
- No network calls: Except for winget updates (Windows native)
- No background services: Runs only when you click it
- No admin persistence: Doesn't install services or scheduled tasks by default

You are encouraged to review the code before running:

```powershell
# Main files to review:
# - Fregonator.ps1 (~3800 lines) - Main engine
# - Fregonator-Launcher.ps1 - GUI launcher
# - Fregonator-Monitor.ps1 - Progress monitor
```

This program will not transfer any information to other networked systems unless specifically requested by the user.

Specifically:
- No telemetry: Zero data collection, zero tracking, zero analytics
- No phone home: No update checks, no license verification, no usage reports
- No third-party SDKs: No embedded analytics or advertising frameworks
- Network activity: Only `winget upgrade` (Windows native) when explicitly selected by the user from the terminal menu. No other network calls are made.
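
One way to check the claims above before running the tool, as an added example that is not part of the FREGONATOR project. It assumes the three script files named above are in the current directory; the pattern lists are chosen for this example and are not exhaustive, so an empty result narrows the manual review but does not replace it.

```powershell
# Added example: static pre-run audit of the scripts named in this policy.
# Assumption: the three files sit in the current directory.
$files = 'Fregonator.ps1', 'Fregonator-Launcher.ps1', 'Fregonator-Monitor.ps1'

# Regexes picked for this example (not an exhaustive list). Select-String
# matches case-insensitively by default; commented-out code also matches.
$patterns = [ordered]@{
    Network     = 'Invoke-WebRequest|Invoke-RestMethod|Net\.WebClient|Net\.Http|Net\.Sockets|Start-BitsTransfer|\bwinget\b|\b(curl|wget|iwr|irm)\b'
    Persistence = 'Register-ScheduledTask|New-ScheduledTask|schtasks|New-Service|sc\.exe|CurrentVersion\\Run'
    Obfuscation = 'FromBase64String|-EncodedCommand|Invoke-Expression|\biex\b'
}

$signatures = @()
$hits = @()

foreach ($file in $files) {
    if (-not (Test-Path -LiteralPath $file)) {
        Write-Warning "$file not found, skipping"
        continue
    }

    # Status 'Valid' means the file is unmodified since signing and the
    # certificate chain is trusted; 'NotSigned' means no signature is present.
    $sig = Get-AuthenticodeSignature -FilePath $file
    $signatures += [pscustomobject]@{
        File   = $file
        Status = $sig.Status
        Signer = $sig.SignerCertificate.Subject   # empty when unsigned
    }

    # Record every line that touches the network, persistence or encoded code.
    foreach ($category in $patterns.Keys) {
        $hits += Select-String -Path $file -Pattern $patterns[$category] |
            ForEach-Object {
                [pscustomobject]@{
                    Category = $category
                    File     = $file
                    Line     = $_.LineNumber
                    Text     = $_.Line.Trim()
                }
            }
    }
}

$signatures | Format-Table -AutoSize
$hits | Sort-Object Category, File, Line | Format-Table -AutoSize -Wrap
```

If the policy holds, every `Network` hit is a `winget` invocation, and any `Persistence` hit sits behind an explicit user choice rather than on the default path.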
Free code signing provided by SignPath.io, certificate by SignPath Foundation.

Signing team:

- Martin Caamano Castineira (@dthcst) - Author, Reviewer, Approver

Thank you for helping keep FREGONATOR safe!