Security Policy

How to responsibly disclose security vulnerabilities in TLD.

Do not open public issues for security vulnerabilities
If you discover a security vulnerability, do NOT open a public GitHub issue. Use the private disclosure process below.

Reporting a vulnerability

Email security@thelastdeploy.com with:

  • A description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Any suggested remediation

You will receive an acknowledgment within 48 hours. We aim to resolve critical vulnerabilities within 7 days.

Scope

In scope                        | Out of scope
--------------------------------|--------------------------------------------
API authentication bypass       | Attacks on user-controlled lab environments
Privilege escalation in the CLI | Social engineering
Data exposure in API responses  | Denial of service against public infra