Security: moxbo/lumberjack

Security

SECURITY.md

Security Policy

Supported Versions

| Version | Supported |
| 1.0.x | ✅ |
| < 1.0 | ❌ |

Reporting a Vulnerability

We take the security of Lumberjack seriously. If you believe you have found a security vulnerability, please report it to us as described below.

How to Report

Please do not report security vulnerabilities through public GitHub issues.

Instead, please send an email to the maintainer or create a private security advisory through GitHub:

  1. Go to the repository's Security tab
  2. Click Report a vulnerability
  3. Provide a detailed description of the vulnerability

What to Include

Please include the following information in your report:

  • Type of vulnerability (e.g., buffer overflow, SQL injection, cross-site scripting)
  • Full paths of source file(s) related to the vulnerability
  • Location of the affected source code (tag/branch/commit or direct URL)
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the vulnerability, including how an attacker might exploit it

Response Timeline

  • Initial Response: Within 48 hours
  • Status Update: Within 7 days
  • Resolution: Typically within 30-90 days, depending on complexity

What to Expect

  • We will acknowledge receipt of your vulnerability report
  • We will send you regular updates about our progress
  • If you have followed the instructions above, we will not take any legal action against you regarding the report
  • We will handle your report with strict confidentiality and not share your personal information without permission

Disclosure Policy

  • We follow a coordinated disclosure policy
  • We will work with you to understand and resolve the issue quickly
  • We will credit you (if desired) in any public disclosure

Security Best Practices for Users

Application Security

  • Download Lumberjack only from official sources (GitHub Releases)
  • Verify checksums of downloaded files when available
  • Keep the application updated to the latest version

Log File Handling

  • Be aware that log files may contain sensitive information
  • Lumberjack processes log files locally and does not transmit data externally
  • See our Privacy Policy for more information

Dependencies

We regularly update dependencies to address known vulnerabilities. You can check the current dependency status in our package.json and review third-party licenses in docs/THIRD_PARTY_LICENSES.md.

Thank you for helping keep Lumberjack and our users safe!

There aren’t any published security advisories