NoTailCar is pre-release. Security fixes land on main until the first tagged release.
Please use GitHub private vulnerability reporting for this repository. Maintainers should enable it before publishing the repository publicly.
If private vulnerability reporting is unavailable, open a minimal public issue asking for a private disclosure channel. Do not include vulnerability details, credentials, Tailnet metadata, logs, screenshots, or exploit steps in that public issue.
Do not open public issues containing:
- real auth keys
- Tailnet IP inventories
- private hostnames
- production ACL policy details
- screenshots of admin consoles containing secrets
Security-sensitive areas include:
- Tailscale auth key handling
- Nomad Variable rendering
- exit-node enforcement
- egress IP verification
- generated examples that might encourage unsafe defaults
NoTailCar examples are designed for private networking and no public ingress by default. Treat all examples as templates and review them against your own Tailnet ACLs and Nomad security model before production use.