DISCLAIMER!
- This is personally maintained opensource project. Best effort will be made to support its security and resiliency but as per license, no warranty.
- As deployment role for ansible, vulnerability for ansible, targeted deployed software(s) or underlying operating system(s) won't be accepted. It is the responsibility of the user to ensure those are maintained appropriately and in non-vulnerable versions.
- I believe in transparency. Considering the scope of project, it is less likely that a security issue would be a major impact and full disclosure should not be an issue but if you believe otherwise, use the web form.
When applicable, Security Advisories will be created inside GitHub following Creating a repository security advisory.
Please use one of below process to report a vulnerability to the project:
- GitHub issue "Report a security issue":
- Web Form
- GitHub Private vulnerability reporting
- Bug Bounty
If issue is critical and not public, please use the web form. You can use First.org Common Vulnerability Scoring System Version 3.0 Calculator to score vulnerability.
Do not forget to tell us if and how you want to be acknowledged.
This project follows an immediate (public issue) or 30-days (web form) disclosure timeline.
This project won't request CVE(s).
This project is not part of any Bug Bounty program.
Only latest release or tag is supported along HEAD for main branch. Tests are usually focus on the latest LTS from RedHat and Ubuntu but contributions for other distributions or versions are welcomed.
We prefer all communications to be in English.