DO NOT OPEN A PUBLIC GITHUB ISSUE FOR SECURITY VULNERABILITIES.
This is a security lab - it intentionally contains vulnerable configurations. If you discover an unintentional vulnerability in the lab's own infrastructure (e.g., the CI pipeline, the evidence collection scripts, or the Go backend), please report it via email to the maintainer with the subject line [SECURITY] Wardex Foundry.
The maintainer aims to acknowledge receipt within 48 hours and provide an estimated timeline for remediation.
Only the main branch and tagged releases are officially supported for security updates. Development builds on develop or feature branches may contain incomplete components or known regressions.
| Version | Supported |
|---|---|
| 1.0.x | Yes |
The intentional misconfigurations defined within the /scenarios/ directory in their v1 state are explicitly out of scope for vulnerability reporting. This includes but is not limited to:
- Exposed credentials
- Missing authentication
- Missing encryption
Only the v2 (hardened) configurations are eligible for security reporting.