| Version | Supported |
|---|---|
| 0.1.x | ✅ |

We take security seriously. If you discover a security vulnerability in Camouf, please report it responsibly.

- Do not open a public GitHub issue for security vulnerabilities
- Email the maintainers directly or use GitHub's private vulnerability reporting feature
- Include detailed steps to reproduce the vulnerability
- Allow reasonable time for a fix before public disclosure

Include in your report:

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

Response timeline:

- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Fix Timeline: Depends on severity, typically within 30 days

| Level | Description | Response Time |
|---|---|---|
| Critical | Remote code execution, data breach | 24-48 hours |
| High | Privilege escalation, significant data exposure | 7 days |
| Medium | Limited impact vulnerabilities | 30 days |
| Low | Minor issues, hardening suggestions | Next release |

When using Camouf in your projects:

- Keep Camouf updated to the latest version
- Review configuration files before committing
- Use environment variables for sensitive paths
- Run with minimal required permissions

We appreciate responsible disclosure and will acknowledge security researchers who report valid vulnerabilities (unless they prefer to remain anonymous).