Skip to content

Security: flytohub/flyto2

SECURITY.md

Security Policy

Supported Versions

We release patches for security vulnerabilities in the following versions of Flyto2:

Version Supported
Latest release (main)
older

Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability in Flyto2, please report it responsibly.

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, report it via either channel:

  • Email: security@flyto2.com
  • GitHub private vulnerability reporting: go to the Security tab of this repository, click "Report a vulnerability", and fill out the form.

What to Include

  • Type of vulnerability (e.g., SQL injection, XSS, authentication bypass, SSRF)
  • Location of the affected source code (file path and line numbers if possible)
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if available)
  • Impact assessment — what an attacker could achieve
  • Suggested fix (if you have one)

Response Timeline

  • Initial response: within 48 hours of your report
  • Assessment: within 7 days with a severity determination
  • Resolution target: within 90 days for most issues

What to Expect

  1. Acknowledgment of receipt within 48 hours.
  2. Assessment of the vulnerability and its severity.
  3. Updates as we investigate and develop a fix.
  4. Coordinated disclosure — we will agree a disclosure timeline with you.
  5. Credit — we will credit you in the advisory unless you prefer to remain anonymous.

Responsible Disclosure

  • We will not pursue legal action against security researchers acting in good faith.
  • We will work with you to understand and resolve the issue.
  • We will publicly acknowledge your contribution (with your permission).

Security Updates

Security fixes are released as patch versions. We recommend watching this repository's releases and updating promptly when security patches ship.


Thank you for helping keep Flyto2 and its users safe.

There aren't any published security advisories