Thanks for helping keep ByteSend and its users safe.
We provide security fixes for:
| Version | Supported |
|---|---|
| Latest stable release | Yes |
| Previous stable release | Yes |
main branch |
Best effort |
develop branch |
Best effort |
| Older unsupported releases | No |
Please do not open public GitHub issues for security vulnerabilities.
Report privately by emailing: security@nodebyte.co.uk
Use subject line: [SECURITY] <short summary>
Include:
- Affected component and version/commit
- Reproduction steps or proof of concept
- Impact and likely attack scenario
- Any suggested mitigation
If needed, include encrypted details and share a secure channel for follow-up.
- Initial acknowledgment within 72 hours
- Triage and severity assessment
- A plan for fix and coordinated disclosure
- Credit in release notes if you want attribution
In-scope:
- Remote code execution
- Auth bypass / privilege escalation
- Sensitive data exposure
- Injection vulnerabilities
- SSRF / major misconfiguration issues
Out-of-scope (unless chainable to significant impact):
- Missing best-practice headers only
- Self-XSS without escalation path
- Rate-limit bypass with no practical abuse impact