Security

Report a vulnerability

SECURITY.md

Security Policy

Reporting a vulnerability

Please do not file public GitHub issues for security-sensitive reports.

Instead, report vulnerabilities privately using one of the following channels:

GitHub Security Advisories: https://github.com/hauntedmc/mcserver/security/advisories/new
Support form: https://hauntedmc.nl/support
Email: contact@remyduijsens.com

When reporting, please include:

a description of the issue;
the affected version or tag;
reproduction steps or proof of concept, if available; and
any suggested remediation or mitigation.

Scope

This repository primarily contains container build and startup automation. Security reports are especially helpful for:

container hardening issues;
privilege-escalation paths;
unsafe defaults;
supply-chain concerns in workflows or scripts; and
accidental credential exposure.

There aren’t any published security advisories