If you discover a security vulnerability in Visitran, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please email us at: security@zipstack.com
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours of your report
- Assessment: Within 5 business days we will confirm the issue and assess severity
- Fix: We aim to release patches for confirmed vulnerabilities within 30 days
| Version | Supported |
|---|---|
| Latest | Yes |
| Older | No |
We recommend always running the latest version of Visitran.
- We will coordinate with you on disclosure timing
- We will credit reporters in release notes (unless you prefer anonymity)
- We follow responsible disclosure practices
Thank you for helping keep Visitran and its users safe.