| Version | Supported |
|---|---|
| 0.1.x (latest) | Yes |
As FORGE matures, this table will be updated to reflect which versions receive security patches.
The FORGE team takes security vulnerabilities seriously. We appreciate your efforts to responsibly disclose any issues you find.
Do NOT open a public GitHub issue for security vulnerabilities.
Send an email to security@forge-project.dev with the following information:
- Description: A clear description of the vulnerability
- Impact: What an attacker could achieve by exploiting this issue
- Affected component: Which part of FORGE is affected (e.g., sandbox, capability-fs, ebpf, network-firewall)
- Reproduction steps: Detailed steps to reproduce the vulnerability
- Environment: Linux kernel version, Rust version, and any relevant configuration
- Proof of concept: If available, include code or commands that demonstrate the issue
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Initial assessment: We will provide an initial severity assessment within 5 business days
- Resolution timeline: We aim to release a fix within 30 days for critical vulnerabilities, 90 days for lower severity issues
- Credit: We will credit reporters in the security advisory unless you prefer to remain anonymous
| Severity | Description | Example |
|---|---|---|
| Critical | Sandbox escape or full host compromise | Bypassing namespace isolation to access host filesystem |
| High | Partial isolation bypass or privilege escalation | Seccomp filter bypass for restricted syscalls |
| Medium | Information leakage or denial of service | Side-channel leaking data between sandboxes |
| Low | Minor issues with limited impact | Verbose error messages exposing internal paths |
The following components are especially security-critical:
- sandbox/ -- Namespace and cgroup isolation, seccomp-BPF filter generation
- capability-fs/ -- HMAC-SHA256 token validation, FUSE permission enforcement
- ebpf/ -- XDP firewall rules, LSM-BPF enforcement hooks
- network-firewall/ -- Per-agent ACLs, HTTP inspection and filtering
- code-executor/ -- MicroVM launcher, initramfs isolation
Changes to these areas receive extra scrutiny during code review.
We follow coordinated disclosure:
- Reporter submits vulnerability to security@forge-project.dev
- FORGE team acknowledges and investigates
- FORGE team develops and tests a fix
- Fix is released along with a public security advisory on GitHub
- Reporter is credited (unless anonymity is requested)
We ask that reporters give us reasonable time to address the issue before any public disclosure.
- Always run FORGE on a supported Linux kernel (>= 5.15)
- Keep FORGE updated to the latest version
- Rotate capability filesystem signing keys regularly
- Review and restrict network ACLs to the minimum required endpoints
- Enable
log_violations = truein seccomp configuration for audit trails - Run FORGE components with least-privilege system accounts