All versions of the code under the hawk-eye project are covered by this security policy. Before reporting a vulnerability, please ensure the following:
- You are using the latest version of the project.
- The vulnerability has not already been reported in our issue tracker.
- The issue is a genuine security vulnerability and not a false positive. For example:
- If you're reporting vulnerabilities like command execution, we will only address cases where the payload is sourced from third-party platforms/libraries or user input, rather than hardcoded data (e.g., in
connection.yamlfiles).
- If you're reporting vulnerabilities like command execution, we will only address cases where the payload is sourced from third-party platforms/libraries or user input, rather than hardcoded data (e.g., in
You can report a vulnerability by raising an issue with detailed information about the security concern. We will review the issue and work with you to resolve it promptly.