Mailuminati Guardian is a security-focused project. We take vulnerability reports seriously and appreciate responsible disclosure.
If you discover a security issue, please do NOT open a public GitHub issue.
Instead, report it privately to the maintainers.
- Use GitHub private security advisories, or
- Contact the maintainers through the Mailuminati organization
Please include:
- A detailed description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested mitigations, if available
This security policy applies to:
- Guardian core components
- Installation scripts
- Default configurations
- Public APIs exposed by Guardian
Out of scope:
- Misconfigurations by operators
- Issues in third-party dependencies
- Denial of service caused by intentional resource exhaustion
What to expect after a report:
- We will acknowledge receipt of the report
- We will investigate and assess the impact
- We will work on a fix when applicable
- Coordinated disclosure will be preferred
No bug bounty program is currently in place.
Guardian prioritizes:
- Minimizing attack surface
- Reducing trust in external systems
- Avoiding unnecessary complexity
- Failing safely
Security reports that help reinforce these goals are always welcome.