| Version | Supported |
|---|---|
| 1.0.x | ✅ Yes |
| < 1.0 | ❌ No |

LogReaper is a security tool — we take vulnerabilities in our own code seriously.
Do NOT open a public issue for security vulnerabilities.
Instead, please report them privately:
- Email: Send details to the maintainer via GitHub private vulnerability reporting
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix release: As soon as possible, typically within 2 weeks for critical issues

The following are in scope:
- Buffer overflows or memory corruption in log parsing
- Regex denial of service (ReDoS) in pattern matching
- Path traversal via crafted log paths
- Information disclosure through error messages
- Any issue that could allow a malicious log file to compromise the host

We follow responsible disclosure practices. We will:
- Confirm receipt of your report
- Work with you to understand the issue
- Credit you in the fix (unless you prefer anonymity)
- Not take legal action against good-faith security researchers