Security: Zw-awa/AmpRelay

SECURITY.md

Security Policy

English | 简体中文

Reporting A Vulnerability

Please do not open a public issue for problems that could realistically be abused as a security vulnerability.

If a report involves:

  • command injection
  • unauthorized control paths
  • privilege boundary violations
  • secret or credential exposure
  • unsafe update or provisioning behavior
  • a flaw that could enable dangerous unintended control through malicious input

report it privately first through the repository owner's available contact path.

Please include:

  • a clear summary
  • affected files or subsystem
  • reproduction steps if known
  • expected impact
  • suggested mitigation if available

What Counts As A Security Issue Here

Examples include:

  • a host-side tool executing untrusted input unsafely
  • a control or messaging path that can be abused to perform unintended actions
  • unsafe handling of credentials, tokens, or secrets once such setup exists
  • a vulnerability that makes a documented supported workflow unsafe under malicious input

What Does Not Belong In The Private Security Process

The following are generally not private security reports:

  • ordinary bring-up bugs
  • documentation mistakes with no security impact
  • expected instability in unfinished prototype code
  • unsupported local modifications
  • environment setup failures without a plausible security angle

Those issues should usually be reported through the normal public bug or support path.

Supported Scope

This repository is in the planning and bootstrap stage. Security handling is best-effort, and response time may vary.

Disclosure Guidance

Please allow time for review and mitigation before publishing detailed exploit steps. Coordinated disclosure is preferred.
