| Version | Supported |
|---|---|
| latest | ✅ |

If you discover a security vulnerability in Synapse, please report it responsibly:
- Email: Send details to security@gen0sec.com
- Do NOT open a public GitHub issue for security vulnerabilities
- Include as much detail as possible:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)

- Acknowledgment: Within 48 hours of report
- Initial assessment: Within 5 business days
- Fix timeline: Critical issues within 7 days, High within 30 days

The following are in scope for security reports:
- Synapse reverse proxy core
- eBPF/XDP firewall components
- TLS termination and certificate management
- WAF rule engine
- Authentication and access control
- Configuration parsing (path traversal, injection)

The following are out of scope:
- Denial of service via legitimate traffic volume
- Issues in third-party dependencies (report upstream, but notify us)
- Issues requiring physical access to the server

We follow coordinated disclosure. We ask that you:
- Allow us reasonable time to fix the issue before public disclosure
- Do not exploit the vulnerability beyond what is necessary to demonstrate it