# Security Policy

## Supported Versions

The following branches are currently being supported with security updates:
| Version | Supported |
|---|---|
| main (3k release branch) | ✅ |
| release/2k (2k release branch) | ✅ |
To understand more about 2k vs 3k, see the following docs: https://docs.olivetin.app/upgrade/2k3k.html

## OliveTin is a remote code execution (RCE) "tool"

The very purpose of OliveTin is to allow users to execute commands remotely on a machine.

This means that, by design, OliveTin has a much higher potential to be used for remote code execution (RCE), and any security vulnerabilities that do occur have the potential to be much more severe than in other types of software.
We hope that you understand that, while the project goes to great lengths to be safe and to mitigate risk, security vulnerabilities are inevitable, as they are with all software of all sizes (like Kubernetes, the kernel, etc.), and OliveTin has substantially fewer resources than those projects.

With that being said, OliveTin tries to follow examples of best practice, so judge the project not on if/when it has security issues, but on how security issues are responded to, as the measure of quality.

This is why we take security very seriously, and why we encourage responsible disclosure practices when reporting vulnerabilities.
## Reporting a Vulnerability

Please use responsible disclosure practices when reporting a vulnerability. You will receive full credit for your discovery, and we will work with you to ensure that the issue is resolved as quickly as possible. Please note that only James Read has access to security issues at the moment, so please be patient and understanding if you do not receive an immediate response.
- Option A (preferred): GitHub Security Advisories, which allows you to report a vulnerability privately and securely. Use this direct link to report privately: https://github.com/OliveTin/OliveTin/security/advisories/new. This allows you to provide details without making them public.
- Option B: Please email contact@jread.com for responsible disclosure.
## Disclosure of how vulnerabilities were found

It is incredibly useful to not just patch security vulnerabilities, but also to understand how they were found. If you are able to share this information, it can help us and the community to better understand potential attack vectors and improve the overall security of the project.