2023-01-25 12:16:57 +00:00
|
|
|
# Security Policy
|
|
|
|
|
|
|
|
|
|
## Supported Versions
|
|
|
|
|
|
|
|
|
|
Mirror & Mirror LTS are both supported for security fixes.
|
|
|
|
|
|
|
|
|
|
## Reporting a Vulnerability
|
2023-01-25 12:20:52 +00:00
|
|
|
Please email security [at] mirror-networking.com to report a vulnerability.</br>
|
2023-01-25 12:16:57 +00:00
|
|
|
You can also contact us in [our Discord](https://discord.gg/N9QVxbM) for faster replies.
|
|
|
|
|
|
2023-01-25 12:20:52 +00:00
|
|
|
You can expect a reply within 24-48 hours.</br>
|
2023-01-25 12:16:57 +00:00
|
|
|
We will keep you updated on our steps to mitigate issues every 2-4 weeks.
|
|
|
|
|
|
2023-02-22 05:22:14 +00:00
|
|
|
## Timelines
|
|
|
|
|
Critical vulnerabilities can be expected to be patched within 1-2 weeks.
|
|
|
|
|
Medium risk vulnerabilities can be expected to be patched within 2-3 weeks.
|
|
|
|
|
Low risk vulnerabilities will be patched within 3-4 weeks.
|
|
|
|
|
|
2023-01-25 12:18:08 +00:00
|
|
|
## Bug Bounty
|
2023-01-25 12:16:57 +00:00
|
|
|
Depending on the severity of the exploit, we offer a $50 - $500 bug bounty.
|
|
|
|
|
|
|
|
|
|
**Specifically we are looking for:**
|
|
|
|
|
* Ways to crash a Mirror server.
|
|
|
|
|
* Ways to exploit a Mirror server.
|
|
|
|
|
* Ways to leave a Mirror server in undefined state.
|
|
|
|
|
|
|
|
|
|
We are **not** looking for DOS/DDOS attacks, as those are expected to be handled by the hosting infrastructure.
|
2023-01-26 05:27:53 +00:00
|
|
|
|
|
|
|
|
## Notifications
|
|
|
|
|
In case of security breaches, Mirror users will be informed in our [Discord server](https://discord.gg/N9QVxbM) and release changelogs.
|
|
|
|
|
Since we collect no user data, you are recommended to read the changelog and follow our Discord announcements.
|
