Security policy
Reporting a Vulnerability
Section titled “Reporting a Vulnerability”Please do not report security vulnerabilities through public GitHub Issues.
If you discover a security vulnerability in Meshploy, email [email protected] with:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fix (optional)
You’ll receive an acknowledgement within 48 hours. We’ll work with you to understand the issue and coordinate a fix before any public disclosure.
Supported Versions
Section titled “Supported Versions”Security fixes are applied to the latest release only.
Issues in scope:
- Authentication and authorisation bypasses
- Privilege escalation between orgs or users
- Sensitive data exposure (secrets, tokens, env vars)
- Remote code execution
- Injection vulnerabilities
Out of scope:
- Vulnerabilities in third-party dependencies (report upstream)
- Issues requiring physical access to the server
- Social engineering