Protecting Our Community & Users - Responsible security vulnerability disclosure and management for the Poxy CLI project. Your security is our top priority.
Supported Versions • Report Vulnerabilities • Response Times • Disclosure Process
At REZ LAB, we take security seriously and are committed to protecting our users and community. We appreciate the security research community and follow responsible disclosure practices to ensure the safety of our users while giving researchers appropriate credit for their findings.
Supported versions:
Version | Support Status | Security Updates |
---|---|---|
Latest Release | Active | Full support |
Previous Versions | Critical issues only | Critical security fixes only |
Beta/Development | Experimental | As needed |
Note: We recommend always using the latest stable version for the best security coverage.
If you discover a security vulnerability, please do NOT create a public issue on GitHub. Instead, follow our secure reporting process:
- Primary Contact: work.rezaul@outlook.com
- Response Time: Within 48 hours
- Encryption: PGP/GPG support available upon request
Please provide as much detail as possible to help us understand and address the issue:
- Vulnerability Type: (e.g., XSS, CSRF, Authentication Bypass, etc.)
- Location: File name, function, or specific code section
- Impact Assessment: Potential consequences and affected users
- Reproduction Steps: Clear instructions to reproduce the issue
- Suggested Fix: Your recommended solution (if available)
- Environment Details: OS, Python version, dependencies used
Reporting guidelines:
- Do not exploit the vulnerability for malicious purposes
- Do not share details publicly until disclosure has been coordinated with us
- Do not attempt to access systems or data you are not authorized to access
Response times:
Action | Timeframe | Description |
---|---|---|
Initial Response | 48 hours | Acknowledge receipt of your report |
Investigation Start | 1 week | Begin technical investigation |
Status Updates | Bi-weekly | Regular progress updates |
Fix Development | 2-4 weeks | Develop and test security patch |
Coordinated Disclosure | Mutually agreed | Public announcement timing |
Disclosure process:
- Acknowledgment - Confirm receipt within 48 hours
- Triage - Assess severity and impact
- Investigation - Technical analysis and reproduction
- Fix Development - Create and test security patches
- Validation - Verify fix effectiveness
- Disclosure - Coordinated public announcement
We maintain a Security Researcher Hall of Fame to recognize researchers who help improve our security:
- Public acknowledgment in release notes
- Credit in security advisories
- Invitations to private beta programs
- Potential bounties for critical findings
To be eligible for recognition:
- Reports must follow responsible disclosure practices
- Clear, actionable reports receive priority attention
- A collaborative attitude during fix development is appreciated
Security best practices for users of Poxy CLI:
- Keep your software updated to the latest version
- Use strong, unique passwords for proxy authentication
- Regularly review and audit proxy configurations
- Monitor proxy logs for suspicious activity
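As an added illustration of the log-monitoring item above (example code written for this page, not part of Poxy CLI), the script below scans proxy access-log lines for three common signs of abuse: repeated 407 Proxy Authentication Required responses from one client (password guessing against proxy auth), CONNECT tunnels to ports other than the usual TLS ports, and request bursts from one client. The line format, the CONNECT port allow-list, the thresholds and the sample log lines are all constructed assumptions; adapt the regular expression to the format your proxy actually writes.

```python
"""Flag suspicious activity in forward-proxy access logs (added example)."""
import re
from collections import Counter
from datetime import datetime

# Assumed line format (hypothetical, not Poxy CLI's real log format):
#   <ISO-8601 timestamp> <client_ip> <method> <target> <status>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<target>\S+) (?P<status>\d{3})$"
)

ALLOWED_CONNECT_PORTS = {443, 8443}   # ports normally tunnelled with CONNECT


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["status"] = int(rec["status"])
    return rec


def connect_port(target):
    """Port of a CONNECT target written as host:port, or None if absent."""
    host, sep, port = target.rpartition(":")
    if sep and host and port.isdigit():
        return int(port)
    return None


def analyze(lines, auth_failure_threshold=5, rate_threshold=50):
    """Return a list of (finding, detail) tuples describing suspicious activity."""
    findings = []
    auth_failures = Counter()   # client -> number of 407 responses
    per_minute = Counter()      # (client, minute bucket) -> request count

    for line in lines:
        rec = parse_line(line)
        if rec is None:
            # Unparseable lines are worth a look too: log tampering or a format change.
            findings.append(("unparseable", line.strip()))
            continue
        client = rec["client"]
        per_minute[(client, rec["ts"].replace(second=0, microsecond=0))] += 1
        if rec["status"] == 407:          # Proxy Authentication Required
            auth_failures[client] += 1
        if rec["method"] == "CONNECT":
            port = connect_port(rec["target"])
            if port not in ALLOWED_CONNECT_PORTS:
                findings.append(("unusual-connect-port", f"{client} -> {rec['target']}"))

    for client, n in sorted(auth_failures.items()):
        if n >= auth_failure_threshold:
            findings.append(("auth-brute-force", f"{client}: {n} failed proxy auths"))
    for (client, minute), n in sorted(per_minute.items()):
        if n > rate_threshold:
            findings.append(("high-rate",
                             f"{client}: {n} requests in minute starting {minute.isoformat()}"))
    return findings


# Constructed sample log for demonstration; these are documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    "2024-05-01T10:00:01 192.0.2.9 GET http://example.com/ 200",
    "2024-05-01T10:00:02 203.0.113.7 GET http://example.com/ 407",
    "2024-05-01T10:00:03 203.0.113.7 GET http://example.com/ 407",
    "2024-05-01T10:00:04 203.0.113.7 GET http://example.com/ 407",
    "2024-05-01T10:00:05 203.0.113.7 GET http://example.com/ 407",
    "2024-05-01T10:00:06 203.0.113.7 GET http://example.com/ 407",
    "2024-05-01T10:00:07 192.0.2.9 CONNECT example.com:443 200",
    "2024-05-01T10:00:08 192.0.2.9 CONNECT 198.51.100.5:22 200",
    "garbage line that does not match",
]

if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

On the sample data the script reports the CONNECT to port 22, the unparseable line, and the five consecutive 407s from one client; the rate check only fires when a client exceeds the per-minute threshold, which the small sample does not. The thresholds are parameters so they can be tuned to real traffic volumes rather than hard-coded.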
Security best practices for contributors:
- Follow secure coding practices
- Implement proper input validation
- Use encryption for sensitive data
- Take part in regular security code reviews
Security best practices for researchers:
- Test in safe, isolated environments
- Document findings thoroughly
- Allow reasonable time for fixes before disclosure
- Respect user privacy and data protection
Other contact channels:
- GitHub Issues: For non-security related bugs and feature requests
- General Support: For usage questions and general help
- Emergency: For active exploitation, email work.rezaul@outlook.com immediately
- Contributing Guide - How to contribute to the project
- Code of Conduct - Community guidelines
- Usage Guide - How to use Poxy CLI safely
This security policy is maintained and updated regularly to reflect our current practices and response capabilities.
Security Maintained by REZ LAB