Skip to content

Security: vib-tools/Tester-Zepto-Pro-open-source-code

Security

SECURITY.md

Security Policy

Supported version

Version Security updates
1.0.6 Supported
1.0.5 Security fixes only
1.0.4 Unsupported
1.0.3 and earlier Upgrade required

Reporting a vulnerability

Use GitHub private vulnerability reporting when it is available. Do not publish credentials, license keys, private target URLs, recipient datasets, screenshots containing personal data, or a working exploit in a public issue.

Include:

  • affected version and commit;
  • operating system and Python/build mode;
  • reproducible steps using synthetic data;
  • expected and observed behavior;
  • security impact;
  • a minimal patch or mitigation when available.

Security boundaries

  • The application is for authorized Test Mode workflows only.
  • Browser authentication is performed manually; the app does not request or persist dashboard credentials.
  • Security challenges are paused for manual completion and are never bypassed.
  • The local license cache uses Windows current-user DPAPI in production builds.
  • The configured production license URL must use HTTPS.
  • Runtime logs and reports can contain user-supplied email addresses and should be protected accordingly.

Known deployment responsibilities

Operators must use a writable, access-controlled application folder, protect exported reports, restrict recipient files to authorized test records, and validate the license endpoint certificate and ownership.

There aren't any published security advisories