Please do not report security vulnerabilities through public GitHub issues.
Instead, please use GitHub's private vulnerability reporting:
- Go to https://github.com/GeiserX/runtipi-appstore/security/advisories
- Click "Report a vulnerability"
- Fill out the form with details

We will respond within 48 hours and work with you to understand and address the issue.

Please include the following in your report:

- Type of issue (e.g., insecure defaults, container escape, credential exposure)
- Full paths of affected source files
- Step-by-step instructions to reproduce
- Proof-of-concept or exploit code (if possible)
- Impact assessment and potential attack scenarios

| Version | Supported |
|---|---|
| Latest | ✅ |

Only the latest version receives security updates. We recommend always running the latest version.

- Review app configurations - Audit docker-compose files before deploying
- Use strong passwords - For all application credentials
- Keep images updated - Regularly pull latest container images
- Restrict network access - Use Runtipi's built-in network isolation
- Never expose management ports - Keep admin interfaces behind authentication

For security questions that aren't vulnerabilities, contact: security@geiser.cloud