We actively support and provide security updates for the following versions:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
If you discover a security vulnerability, please report it responsibly.
- DO NOT create a public GitHub issue for security vulnerabilities
- Email: hi@ultrabalancer.com with subject: "Security Vulnerability Report"
- Include as much detail as possible:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 24-48 hours
- Initial Assessment: Within 7 days
- Fix Timeline: Depends on severity (see below)
| Severity | Response Time | Fix Target |
|---|---|---|
| Critical | 24 hours | 7 days |
| High | 48 hours | 14 days |
| Medium | 7 days | 30 days |
| Low | 30 days | Next minor |
When deploying UltraBalancer:
- Network Isolation: Run in a trusted network environment
- TLS/SSL: Use HTTPS for sensitive traffic
- Access Control: Limit admin endpoint access
- Monitoring: Enable metrics and health checks
- Updates: Keep your installation up to date
- Connection rate limiting
- IP-based filtering
- Request timeout handling
- Circuit breaker pattern
- Secure error handling (no sensitive data in logs)
We appreciate responsible disclosure and will credit reporters (if desired) in the security advisory.