| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

We take the security of Selena seriously. If you have discovered a security vulnerability, please follow these steps:
- DO NOT create a public GitHub issue for the vulnerability.
- Send a detailed report to: taiizor@vegalya.com
- Include the following in your report:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)

Response timeline:
- Initial Response: Within 48 hours
- Assessment: Within 1 week
- Fix Timeline: Depends on severity
  - Critical: Within 24 hours
  - High: Within 1 week
  - Medium: Within 2 weeks
  - Low: Next release

When using Selena:
- Always use the latest version - Security patches are included in new releases
- Use Local scope by default - Only use Global scope when necessary
- Validate message content - Always validate deserialized objects
- Secure your channel names - Use unique, hard-to-guess channel names
- Monitor buffer usage - Prevent DoS attacks by monitoring buffer consumption

Security considerations:
- Memory-mapped files can be accessed by any process with appropriate permissions
- Global scope on Windows requires administrator privileges
- No built-in encryption - sensitive data should be encrypted at the application level
- No built-in authentication - implement your own if needed
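
The points above on validating message content and on the lack of built-in encryption and authentication, shown as an added example (not Selena's own code or API): a hypothetical `SealedMessage` helper in C#, assuming a .NET 8 or later application and a 32-byte key that the communicating processes share out of band. It uses AES-GCM and binds the channel name as associated data, so a frame copied from another channel fails verification.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: hypothetical helper, not part of Selena's API.
// Frame layout: nonce (12 bytes) | tag (16 bytes) | ciphertext.
public static class SealedMessage
{
    private const int NonceSize = 12;
    private const int TagSize = 16;
    public const int MaxPayload = 64 * 1024; // assumed application limit

    // Encrypts and authenticates payload; the channel name is bound as associated data.
    public static byte[] Seal(byte[] key, string channel, ReadOnlySpan<byte> payload)
    {
        if (payload.Length > MaxPayload)
            throw new ArgumentException("Payload exceeds MaxPayload.", nameof(payload));

        byte[] frame = new byte[NonceSize + TagSize + payload.Length];
        Span<byte> nonce = frame.AsSpan(0, NonceSize);
        Span<byte> tag = frame.AsSpan(NonceSize, TagSize);
        Span<byte> cipher = frame.AsSpan(NonceSize + TagSize);
        RandomNumberGenerator.Fill(nonce); // fresh random nonce per message
        using var aes = new AesGcm(key, TagSize);
        aes.Encrypt(nonce, payload, cipher, tag, Encoding.UTF8.GetBytes(channel));
        return frame;
    }

    // Returns false for frames that are malformed, oversized, tampered with, or sealed for another channel.
    public static bool TryOpen(byte[] key, string channel, ReadOnlySpan<byte> frame, out byte[] payload)
    {
        payload = Array.Empty<byte>();
        if (frame.Length < NonceSize + TagSize || frame.Length > NonceSize + TagSize + MaxPayload)
            return false; // reject on size before any crypto or allocation
        byte[] plain = new byte[frame.Length - NonceSize - TagSize];
        try
        {
            using var aes = new AesGcm(key, TagSize);
            aes.Decrypt(frame.Slice(0, NonceSize), frame.Slice(NonceSize + TagSize),
                        frame.Slice(NonceSize, TagSize), plain, Encoding.UTF8.GetBytes(channel));
        }
        catch (CryptographicException)
        {
            return false; // authentication failed: do not deserialize
        }
        payload = plain;
        return true;
    }
}
```

Deserialize only the bytes returned by a successful `TryOpen`, and still validate the resulting object's fields. Replay protection, such as a message counter inside the payload, is not covered here.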

Disclosure policy:
- Security vulnerabilities will be disclosed after a fix is available
- Users will be notified via GitHub Security Advisories
- A CVE will be requested for critical vulnerabilities

Contact:
- Security Email: taiizor@vegalya.com
- GPG Key: [Public Key ID]

Thank you for helping keep Selena and its users safe!