We release patches for security vulnerabilities for the following versions:

| Version | Supported |
|---|---|
| current (main branch) | ✅ |
| older versions | ❌ |

We take the security of LXC AutoScale seriously. If you discover a security vulnerability, please follow these steps:

- Do NOT open a public issue for security vulnerabilities
- Email the maintainer at fabrizio.salmi@gmail.com with:
  - A description of the vulnerability
  - Steps to reproduce the issue
  - Potential impact of the vulnerability
  - Any suggested fixes (if you have them)
- Acknowledgment: You will receive an acknowledgment within 48 hours
- Updates: We will keep you informed about the progress of fixing the vulnerability
- Credit: If you wish, we will credit you for the discovery when we release a fix
- Please allow us reasonable time to address the vulnerability before public disclosure
- We aim to release security patches as quickly as possible
- We will coordinate with you on the disclosure timeline

When using LXC AutoScale:

- Protect your configuration files: The YAML configuration may contain sensitive information
- Use SSH keys instead of passwords when connecting to remote Proxmox hosts
- Restrict file permissions: Ensure configuration files are only readable by the service user
- Keep the software updated: Regularly update to the latest version
- Review logs regularly: Monitor `/var/log/lxc_autoscale.log` for unusual activity
- Backup configurations: Keep backups of your configuration in a secure location

LXC AutoScale includes these security considerations:

- Lock file mechanism to prevent concurrent execution
- Backup creation before making changes
- Rollback capability to restore previous configurations

Thank you for helping keep LXC AutoScale secure!