This security policy applies to the QuickBox Pro suite of software hosted under the QuickBox GitHub organization.
Security reports and subsequent patches are issued on a rolling basis. All active development versions receive security updates as soon as possible after a vulnerability is confirmed.
Security is a top priority. If you discover a vulnerability or suspect a potential security issue in QuickBox Pro, please report it directly and privately via email:
Do not open public GitHub issues to report security vulnerabilities.
Once a report is received, I will, in good faith, take the following actions:
- Acknowledge the report within 72 hours.
- Investigate and confirm the issue.
- Patch the vulnerability in the next patch (or minor) release, typically within a few days depending on severity and complexity.
To help us quickly assess and respond to your report, please include:
- A clear and descriptive subject line.
- Your name and affiliation or company (if applicable).
- Steps to reproduce the issue.
- Description of the vulnerability's impact on QuickBox and any relevant hardware/software configurations.
- How it affects QuickBox usage and any estimated attack surface.
- Any other software or dependencies involved in triggering the vulnerability.
All security correspondence should be in English.
Thank you for helping to keep QuickBox secure.