All versions of relayrl prior to 0.5.0 are unsupported.
| Version | Supported |
|---|---|
| 0.5.x | ✅ |
| 0.5.0-x | ❌ |
| 0.4.x | ❌ |
All versions of other crates not included in a stable release are unsupported as well.
Please do not open a public GitHub issue for security vulnerabilities.
Report security issues privately by emailing jacksonr121@outlook.com with the subject line [RelayRL x.x.x Vulnerability] with x.x.x replaced with proper version. If you prefer encrypted communication, ask for a PGP key in your first message.
What to include A useful report covers:
- Description: what the vulnerability is and which component is affected.
- Impact: what an attacker could do if they exploited it (e.g. arbitrary code execution, data exfiltration, denial of service).
- Reproduction steps: a minimal example or proof-of-concept showing the issue.
- Affected versions: which crate and version you tested against.
- Suggested fix (optional): if you have a patch or a fix direction in mind.
Acknowledgement within a few business days
Status update within 14 days telling you whether the issue is accepted, needs more information, or is out of scope.
If the issue is accepted, a patched release will be targeted within a reasonable timeline and you will be credited in the changelog (unless you prefer anonymity).
If the issue is declined, you will receive an explanation of why.