The following versions of ProxyPilot are currently supported with security updates:
| Version | Supported |
|---|---|
| latest | ✅ |
| < 1.0 | ❌ |
We take the security of ProxyPilot seriously. If you discover a security vulnerability, please report it responsibly.
You can report a vulnerability through one of the following methods:
- GitHub Security Advisory (Preferred): Open a private security advisory through GitHub Security Advisories. This allows for private discussion and coordination.
- Email: Send an email to the project maintainers with details of the vulnerability. Please include:
  - A description of the vulnerability
  - Steps to reproduce the issue
  - Potential impact of the vulnerability
  - Any suggested fixes (if available)
After submitting a vulnerability report:
- Initial Response: You will receive an acknowledgment within 48 hours confirming we have received your report.
- Assessment: We will investigate and assess the vulnerability within 7 days.
- Resolution Timeline: We aim to release a fix for confirmed vulnerabilities within 30 days, depending on complexity.
- Disclosure: Once a fix is released, we will coordinate with you on public disclosure timing.
We will keep you informed throughout the process and credit you for the discovery (unless you prefer to remain anonymous).
To protect our users, we ask that you:
- DO NOT disclose the vulnerability publicly until a fix has been released.
- DO NOT exploit the vulnerability beyond what is necessary to demonstrate the issue.
- DO NOT access, modify, or delete data belonging to other users.
- DO provide us with reasonable time to address the issue before any public disclosure.
- DO act in good faith to avoid privacy violations, data destruction, or service disruption.
We are committed to working with security researchers and will not take legal action against individuals who discover and report vulnerabilities responsibly.
- Always use the latest version of ProxyPilot.
- Review and understand the proxy configurations before deployment.
- Use secure connections (HTTPS) where applicable.
- Regularly review access logs for suspicious activity.
Thank you for helping keep ProxyPilot and its users safe.