Please do not report security vulnerabilities through public GitHub issues.
If you discover a security vulnerability, please report it by emailing [email protected].
Please include the following information in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Affected versions
- Potential impact
- Any suggested fixes (if available)
We will acknowledge your report within 5 business days and provide a detailed response within 15 business days indicating the next steps in handling your report.
We will keep you informed of the progress towards a fix and may ask for additional information or guidance.
Security updates will be released as soon as possible after a fix is available. We recommend keeping your installation up to date with the latest releases.
When using Gthulhu, we recommend:
- Keep the software updated to the latest version
- Follow the principle of least privilege
- Review and audit your configurations regularly
Thank you for helping to keep Gthulhu and our users safe!