Skip to content

Security: JohnNiang/halo

Security

SECURITY.md

Security Policy

Supported Versions

Halo currently supports the versions listed below, where as:

  • ✅ indicates an active development roadmap, is therefore maintaining, and will receive Security Vulnerability Report.
  • ❌ indicates such version has already deprecated and will not be receiving Security Vulnerability Report.
Version Supported
0.x
1.x
2.x

Reporting a Vulnerability

We first appreciate and are very thankful that you've found a vulnerability issue in Halo! By disclosing such issue to Halo development team you are helping Halo to become a much more safer project than before! ;)

To protect the existing users of Halo, we kindly ask you to not disclose the vulnerability to anyone except the Halo development team before a fix has been rolled out.

To Report a Vulnerability, please complete the form below, and send such report by email to [email protected].

Vulnerability has been observed in...
  - Docker? [n/y]: 
    if yes for the question above,
    - `docker -v`: 
    - `docker images halohub/halo`: 
  
  - by `java -jar halo.jar`? [n/y]: 
    if yes for the question above,
    - `uname -a`: 
    - `java -version`: 
 
- Affected by Halo version(s) [e.g. v2.4.0]: 
- Vulnerability self-scoring [1-10]: 
- Would you like to be attributed? (Whether you agree us to appreciate you by putting your name in the CHANGELOG of the next fix release) [n/y]: 

There aren’t any published security advisories