Skip to content

Security: jrcalgo/RelayRL

SECURITY.md

Security Policy

Supported Versions for relayrl

All versions of relayrl prior to 0.5.0 are unsupported.

Version Supported
0.5.x
0.5.0-x
0.4.x

All versions of other crates not included in a stable release are unsupported as well.

Reporting a Vulnerability

Please do not open a public GitHub issue for security vulnerabilities.

Report security issues privately by emailing jacksonr121@outlook.com with the subject line [RelayRL x.x.x Vulnerability] with x.x.x replaced with proper version. If you prefer encrypted communication, ask for a PGP key in your first message.

What to include A useful report covers:

  • Description: what the vulnerability is and which component is affected.
  • Impact: what an attacker could do if they exploited it (e.g. arbitrary code execution, data exfiltration, denial of service).
  • Reproduction steps: a minimal example or proof-of-concept showing the issue.
  • Affected versions: which crate and version you tested against.
  • Suggested fix (optional): if you have a patch or a fix direction in mind.

Acknowledgement within a few business days

Status update within 14 days telling you whether the issue is accepted, needs more information, or is out of scope.

If the issue is accepted, a patched release will be targeted within a reasonable timeline and you will be credited in the changelog (unless you prefer anonymity).

If the issue is declined, you will receive an explanation of why.

There aren't any published security advisories