| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

If you discover a security vulnerability in roji, please report it through GitHub's private vulnerability reporting feature:
- Go to the Security tab
- Click "Report a vulnerability"
- Provide details about the vulnerability

Alternatively, you can email the maintainer directly.

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

- Initial response: Within 48 hours
- Status update: Within 7 days
- Fix release: Depends on severity (critical: ASAP, high: 1-2 weeks, medium/low: next release)

- We follow responsible disclosure practices
- Security advisories will be published after a fix is available
- Credit will be given to reporters (unless they prefer to remain anonymous)

When using roji in your development environment:
- Keep roji updated to the latest version
- Don't expose roji to the internet - it's designed for local development only
- Trust the CA certificate only on development machines
- Review container labels before connecting services to the roji network