This is the Security Policy for Voyager. It covers how to report vulnerabilities, which versions receive security support, and related matters. Let's start!
The current plan (drafted by me, @dynamixbot) is to support released versions for as long as we can without getting into financial trouble. When a new version is released, the old version will continue to be supported until all users have transitioned to the new one. After that, the old version will be deprecated and will stop working entirely. Internal changes to the scraper and database ship in minor patch releases; major changes or switches ship only in new major versions. Experimental versions are deprecated immediately once a stable version is released. Any damage to, or failure of, a service that relies on an experimental version is not the responsibility of GetVoyager, Snarple or any affiliates.
Please do not report security vulnerabilities in public GitHub issues.
Instead, report vulnerabilities through the repository's GitHub Security panel: open the Advisories tab and choose to report a vulnerability. If you want to report anonymously, email our team instead. If possible, encrypt the message with our sensitive-information key before sending it. You will receive a response from our team within 24 hours. If you do not receive a response, please follow up by email and we will check on your report.
If you are reporting by email, please use the following format. Reports submitted through GitHub already follow this structure.
- Type of issue (e.g. downtime, buffer overflow, SQL injection, cross-site scripting)
- Severity (level 1 to level 4, where level 1 is low harm and level 4 requires shutting the server down to fix the issue)
- Location of the affected code, including the full path(s) of the source files involved in demonstrating the issue
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if available)
- Impact of the issue, including how an attacker with malicious intent could use it
All of this information helps us triage and prioritize your report.
We recommend writing the report in English, but this is not mandatory.