Only the latest released version of ProxCenter receives security updates.

| Version | Supported |
|---|---|
| Latest | ✅ |
| Older | ❌ |

Please do not open a public GitHub issue for security vulnerabilities.
If you discover a security vulnerability in ProxCenter, please report it responsibly by emailing:

Include as much detail as possible:
- Description of the vulnerability
- Steps to reproduce
- Affected version(s)
- Potential impact
- Any suggested fix (optional)

Response timeline:
- Acknowledgment: within 48 hours of your report
- Status update: within 7 days with an initial assessment
- Fix: as soon as possible depending on severity

We follow a responsible disclosure process:
- The vulnerability is reported privately via email
- Our team investigates and develops a fix
- A patched version is released
- The vulnerability is publicly disclosed after the fix is available

We ask that you do not publicly disclose the vulnerability until a fix has been released.

This policy covers:
- ProxCenter dashboard (frontend)
- ProxCenter API (backend)
- Authentication and authorization mechanisms

Out of scope:
- Proxmox VE itself (report to Proxmox)
- Third-party dependencies (report to the respective maintainers)

We appreciate security researchers who help keep ProxCenter and its users safe. With your permission, we will acknowledge your contribution in the release notes.