Skip to content

SECURITY

Vulnerability disclosure.

If you've found a vulnerability, let us know privately before disclosing publicly.

security@openlinker.io

  1. 01 How to report

    Email security@openlinker.io. Describe the issue, reproduction steps, potential impact. PGP/age welcome for sensitive details.

  2. 02 What you'll get

    Acknowledgement within 72 hours. Initial impact assessment and patch timeline within a week. Credit in the changelog unless you ask for anonymity.

  3. 03 What not to do

    Don't test against other users' production deployments. Don't disclose publicly before coordination. Don't ransom — that's not our model.

  4. 04 Scope

    Apache 2.0 — the code we publish. Your installation, your hosting, your configurations are out of scope. Auditing your deploy config is not our responsibility.

SECURITY.md in repo