| Version | Supported |
|---|---|
| 2.2.x | ✅ Current |
| 2.1.x | ✅ Security fixes |
| < 2.1 | ❌ End of life |

If you discover a security vulnerability in MaxCompression, please report it responsibly:

- Do NOT open a public GitHub issue.
- Email: contact@dreams-makers.com
- Include: MCX version, steps to reproduce, impact assessment.

We aim to respond within 48 hours and provide a fix within 7 days for critical issues.

Security-relevant areas include:

- Buffer overflows in decompression (malformed input handling)
- Integer overflows in size calculations
- Denial of service via crafted compressed data (excessive memory/CPU)
- Out-of-bounds reads during decompression

- All decompressor paths validate frame headers before processing
- Block sizes are bounded by `MCX_MAX_BLOCK_SIZE` (64 MB)
- Decompressed size is read from frame header, limiting output allocation
- Malformed input test suite verifies graceful error handling
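
A sketch of the header checks listed above, as an added example that is not MaxCompression's own code. The frame layout, the `ex_` names and the caller-supplied `max_output` cap are assumptions made for illustration; only the 64 MB block bound comes from this policy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mirrors the 64 MB bound this policy gives for MCX_MAX_BLOCK_SIZE. */
#define EX_MAX_BLOCK_SIZE (64u * 1024u * 1024u)
#define EX_HEADER_LEN 16u

enum ex_status { EX_OK = 0, EX_ERR_TRUNCATED, EX_ERR_MAGIC, EX_ERR_BLOCK, EX_ERR_SIZE };

struct ex_frame { uint64_t orig_size; uint32_t block_size; uint64_t block_count; };

/* Read a little-endian integer byte by byte: no alignment or host-endianness assumptions. */
static uint64_t ex_le(const uint8_t *p, size_t n) {
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Hypothetical layout: magic "EXF0" | u64 orig_size | u32 block_size (all little-endian). */
enum ex_status ex_validate_header(const uint8_t *buf, size_t len,
                                  size_t max_output, struct ex_frame *out) {
    if (buf == NULL || out == NULL || len < EX_HEADER_LEN)
        return EX_ERR_TRUNCATED;            /* never read past the input */
    if (memcmp(buf, "EXF0", 4) != 0)
        return EX_ERR_MAGIC;
    uint64_t orig = ex_le(buf + 4, 8);
    uint32_t block = (uint32_t)ex_le(buf + 12, 4);
    if (block == 0 || block > EX_MAX_BLOCK_SIZE)
        return EX_ERR_BLOCK;                /* zero would also divide by zero below */
    /* The declared size is untrusted input: cap it before any allocation. */
    if (orig > max_output)
        return EX_ERR_SIZE;
    out->orig_size = orig;
    out->block_size = block;
    /* Division form cannot wrap, unlike (orig + block - 1) / block. */
    out->block_count = orig / block + (orig % block != 0);
    return EX_OK;
}

int main(void) {
    /* Constructed sample header: 16 MiB declared output, 64 KiB blocks. */
    const uint8_t hdr[16] = {'E','X','F','0', 0,0,0,1,0,0,0,0, 0,0,1,0};
    struct ex_frame f;
    enum ex_status s = ex_validate_header(hdr, sizeof hdr, (size_t)1 << 30, &f);
    printf("status=%d blocks=%llu\n", (int)s, (unsigned long long)f.block_count);
    return s == EX_OK ? 0 : 1;
}
```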