If you discover a security vulnerability in Tuxedo, please report it responsibly by following these steps:
- Do not disclose the vulnerability publicly until it has been addressed.
- Email us at
security [at] whoisclebs [dot] comwith a detailed description of the issue. - Include:
- Steps to reproduce the vulnerability.
- Any relevant logs or error messages.
- The impact of the vulnerability.
- Wait for a response. We will acknowledge your report within 48 hours and work on a fix as soon as possible.
- We will release a fix in a timely manner and credit the reporter if they wish.
To ensure your applications using Tuxedo remain secure, follow these best practices:
- Always use the latest version of Tuxedo.
- Implement proper authentication and authorization mechanisms.
- Regularly audit your dependencies for vulnerabilities.
- Use secure communication protocols (e.g., HTTPS, TLS).
We appreciate responsible disclosure of security vulnerabilities. If a vulnerability is found and reported responsibly, we will ensure proper acknowledgment in our release notes (unless requested otherwise).
For any security-related concerns, please reach out to us at security [at] whoisclebs [dot] com.
Thank you for helping to keep Tuxedo secure! 🚀