Security: probelabs/probe

Security Policy

Supported Versions

Probe does not maintain long-term release branches. Security fixes are only included in new releases moving forward, rather than being backported to previous versions.

Version     Supported
latest      Yes
< latest    No

Reporting a Vulnerability

We take the security of Probe seriously. If you believe you've found a security vulnerability, please follow these steps:

For Public Vulnerabilities

If the vulnerability is not sensitive and does not put users at immediate risk:

  1. Open an Issue: Create a regular issue on our GitHub repository with the [security] prefix in the title.
  2. Provide Details: Include a clear description of the vulnerability, steps to reproduce, and potential impact.
  3. Suggest a Fix: If possible, suggest how the vulnerability might be addressed.

For Sensitive Vulnerabilities

If the vulnerability is sensitive or could put users at immediate risk:

  1. Do Not Open a Public Issue: Please do not disclose sensitive vulnerabilities publicly.
  2. Email the Maintainers: Send an email to leonsbox@gmail.com with details about the vulnerability.
  3. Use Encryption: If possible, encrypt your message using our PGP key (available upon request).
  4. Be Patient: We'll acknowledge receipt of your report within 48 hours and provide a timeline for addressing the issue.

What to Include in Your Report

When reporting a vulnerability, please include:

  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Any potential mitigations you've identified
  • Your contact information for follow-up questions

Our Commitment

When we receive a security report, we will:

  1. Confirm receipt of the report within 48 hours
  2. Provide an initial assessment of the report within 7 days
  3. Keep you informed about our progress addressing the issue
  4. Credit you when we release a fix (unless you prefer to remain anonymous)

Security Update Policy

  • Security fixes will be released as part of regular new releases
  • We do not maintain or backport security fixes to previous versions
  • Users are encouraged to always use the latest version of Probe

Best Practices for Users

To minimize security risks when using Probe:

  1. Always use the latest version
  2. Be cautious when running Probe on untrusted codebases
  3. Review the permissions granted to Probe in your environment
  4. Follow security best practices for your operating system

Thank you for helping keep Probe and its users secure!

There aren’t any published security advisories