The following table lists the currently supported versions of BriefOps with security updates:
| Version | Supported |
|---|---|
| Beta2 | ✅ |
| Beta1 | ❌ |
Only the most recent release, Beta2, is actively supported with security patches and updates. Older versions, including Beta1, are no longer maintained for security issues or updates.
If you discover a security vulnerability in BriefOps, please follow the process below to submit a Security Bug Request:
-
Submit a Security Bug Request: Raise Security BUG PR. The report should include:
- A clear and detailed description of the vulnerability.
- Steps to reproduce the issue (if applicable).
- The potential impact or risk associated with the vulnerability.
- Any relevant logs, screenshots, or additional supporting information.
-
Response Time: You can expect an initial acknowledgment of your report within 48 hours. Subsequent updates will be provided as we investigate and resolve the issue.
-
Vulnerability Handling Process:
- After the initial response, the reported security bug will be reviewed and verified.
- If the issue is validated as a legitimate security vulnerability, we will work to reproduce and address the problem promptly.
- You will receive updates on the progress of the resolution and an estimated timeline for a patch or security update.
- Once resolved, a patch will be released, and you will be credited for your discovery unless you prefer anonymity.
-
Disclosure Policy:
- To protect users, we request that you do not share information about the reported vulnerability until it has been addressed and patched.
- Upon releasing the fix, we may publicly acknowledge your contribution in the release notes, with your consent.
- Ensure your instance of BriefOps is running the latest supported version to receive timely security updates.
- Regularly review security configurations and environment variables for compliance with best practices.
- Use secure channels for communication when submitting security bug requests.
Your effort to report any security concerns is greatly appreciated and helps make BriefOps safer for everyone.