We take the security of CallFS seriously. If you discover a security vulnerability, please report it to us as described below.

Please do not report security vulnerabilities through public GitHub issues.

Instead, please send an email to admin.nxpoint@gmail.com with the following information:
- Description of the vulnerability
- Steps to reproduce or proof-of-concept
- Affected versions
- Potential impact

We will acknowledge your email within 48 hours and will send a more detailed response within 72 hours indicating the next steps in handling your report.

| Version | Supported |
|---|---|
| 0.1.x | ✅ |

CallFS implements several security measures:
- API key authentication for all endpoints
- Unix socket-based authorization for local access
- Rate limiting to prevent abuse
- Input validation and sanitization
- Secure file path handling to prevent directory traversal
- TLS encryption for network communication

When deploying CallFS:
- Use strong, randomly generated API keys
- Enable TLS/HTTPS in production
- Regularly update to the latest version
- Monitor access logs for suspicious activity
- Restrict network access to necessary endpoints only
- Use appropriate file system permissions