| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0.0 | ❌ |

We take the security of Kratos Panel seriously. If you believe you've found a security vulnerability, please follow these steps:

- Do not disclose the vulnerability publicly
- Email the details to: [security@yourdomain.com]
- Include the following details:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Any suggested fixes, if available

After you report an issue:

- We'll acknowledge receipt of your report within 48 hours
- We'll provide a more detailed response within 7 days, indicating the next steps in handling your report
- We'll keep you informed about our progress in addressing the issue
- After the issue is resolved, we may request your help in validating the fix

This security policy applies to the latest stable release of Kratos Panel and its dependencies.

In scope:

- Authentication vulnerabilities
- Authorization issues
- Data exposure
- SQL injection
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Payment processing vulnerabilities
- API security issues

Out of scope:

- Issues in outdated versions
- Issues in third-party applications or services
- Social engineering attacks
- Physical security attacks
- DoS/DDoS attacks

When deploying Kratos Panel, follow these security best practices:

- Keep all dependencies updated
- Set strong admin credentials
- Use HTTPS with a valid TLS (SSL) certificate
- Configure proper database security
- Set up proper firewall rules
- Implement rate limiting
- Regularly back up your data
- Review audit logs periodically

We follow responsible disclosure principles. Once an issue is fixed:

- We'll release a security update
- We'll document the issue in release notes without disclosing exploitation details
- We'll credit you for the discovery if you wish

Thank you for helping keep Kratos Panel and our users safe!