Only the latest version of happyDomain is supported with security fixes.
| Version | Supported |
|---|---|
| latest | ✓ |
| < latest | ✗ |
- happyDomain application code (API/backend and web frontend)
- Other websites directly operated by the happyDomain team: documentation, main website, blog, git redirection, downloads website, demo instance, insights
- Vulnerabilities in third-party dependencies that are not directly exploitable in happyDomain
- Social engineering attacks
- Denial-of-service attacks requiring significant resources
If you discover a security vulnerability in happyDomain, please report it privately.
By email: security@happydomain.org On GitHub: https://github.com/happydomain/happydomain/security/advisories On Gitlab: https://gitlab.com/happyDomain/happyDomain/-/issues/new (check Confidential issue before submitting) On Framagit: https://framagit.org/happyDomain/happyDomain/-/issues/new (check Confidential issue before submitting)
Please include:
- description of the vulnerability
- steps to reproduce
- potential impact
We follow a responsible disclosure process.
After receiving a report we will:
- acknowledge within 72 hours
- investigate the issue
- prepare a fix
- publish a security advisory when the fix is available
We consider security research conducted in good faith to be authorized. We will not pursue legal action against researchers who:
- Report vulnerabilities through the channels listed above
- Avoid accessing, modifying, or deleting data that doesn't belong to them
- Avoid degrading the availability of our services
- Do not publicly disclose the vulnerability before a fix is available
We are happy to credit security researchers who responsibly disclose vulnerabilities.