| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
Do not report security vulnerabilities through public GitHub issues.
Email: security@your-domain.com
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Suggested fix (if any)
- 48 hours: Initial acknowledgment
- 7 days: Assessment and severity determination
- 90 days: Target fix timeline (may vary by severity)
- wg-mesh-manager package
- wg-mesh-discovery package
- Official documentation
- Third-party dependencies (report to upstream)
- Social engineering attacks
- Denial of service attacks
We consider security research conducted in good faith to be:
- Authorized concerning any applicable anti-hacking laws
- Exempt from DMCA restrictions on circumvention
- Lawful, helpful, and in the interest of users
We will not pursue legal action against researchers who:
- Act in good faith
- Avoid privacy violations and data destruction
- Report findings before public disclosure
- Keep Updated: Use the latest version
- Secure Keys: Never share private WireGuard keys
- Firewall: Configure firewall rules properly
- Backups: Encrypt backup files containing keys
- Access: Limit router access
- Input Validation: Validate and sanitize all inputs
- No Secrets: No hardcoded credentials
- Secure Defaults: Conservative configurations
- Least Privilege: Minimum necessary permissions
- Review: All changes require review
We disclose after:
- Fix is available
- Users have reasonable time to update
- Reporter agrees (or 90 days pass)
Credit given unless anonymity preferred.
None currently.