If you discover a security vulnerability related to:
- the Detektor scanner
- example artifacts included in this repository
- reference implementations maintained by Meisterware
please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, report the issue privately by emailing:
Please include the following information if possible:
- description of the vulnerability
- affected component or file
- steps to reproduce the issue
- potential impact or exploitation scenario
- suggested mitigation (if known)
Including sample files or minimal reproduction examples is helpful.
For faster triage, please include the following in the email subject:
[Detektor Security]
We will acknowledge receipt of the report and investigate as soon as possible.
This policy applies to:
- the Detektor scanner repository
- example artifacts provided in this repository
- official reference implementations maintained by Meisterware
Issues related to the OpenPAKT specification itself should normally be reported through the OpenPAKT specification repository, unless they represent a security vulnerability.
We encourage responsible disclosure and will work with reporters to:
- confirm the issue
- assess the impact
- prepare mitigation guidance
- coordinate disclosure and release of fixes
We ask that reporters avoid public disclosure until a fix or mitigation is available.
Security fixes are typically applied to the latest released version of Detektor.
Older versions may not receive security updates.
We appreciate responsible security research that helps improve the reliability and safety of the Detektor ecosystem.
With the reporter’s permission, valid reports may be acknowledged in project release notes or documentation.