Skip to content

Security: repasscloud/ssh-c

Security

SECURITY.md

Security Policy

Thank you for taking the time to responsibly disclose any security vulnerabilities in ssh-c.

πŸ”’ Supported Versions

Only the latest release version of ssh-c is actively supported and patched.

πŸ“¬ Reporting a Vulnerability

To report a security issue:

  • Email: hello@repasscloud.com
  • Do not create a public GitHub issue
  • Provide as much detail as possible, including:
    • Affected version
    • Reproduction steps
    • Proof-of-concept (if applicable)
    • Impact description

We aim to acknowledge all valid reports within 48 hours.

πŸ› οΈ Coordinated Disclosure

If the vulnerability is confirmed, we will:

  • Coordinate a fix
  • Prepare a security release
  • Credit the reporter (if desired)
  • Publish a GitHub advisory and changelog entry

πŸ” Encryption (Optional)

You may request a public GPG key for encrypted disclosure.

πŸ§ͺ Scope

This policy applies to:

  • ssh-c CLI executable
  • Related configuration formats (config.json)
  • GitHub Actions or workflows included in the repo

It does not apply to:

  • Third-party dependencies or tools (e.g. dotnet SDK, PowerShell)

πŸ™ Responsible Disclosure

We appreciate responsible disclosure and follow industry best practices to resolve issues quickly and transparently.

πŸ§‘β€πŸ’» Maintained by: @danijeljw

There aren’t any published security advisories