Files
dhcpsrv/SECURITY.md
T
engel 27304992a0 chore: cut GitHub, make project Gitea-only
- relink README/CHANGELOG/pyproject/SECURITY to git.engelgardt23.ru
- port CI from GitHub Actions to .gitea/workflows (publishes Gitea release via API)
- rename GITHUB_REPO -> REPO; drop GitHub mentions in code/docs/comments
- remove .github (workflow + issue templates); drop made-by lines
2026-06-01 12:35:28 +03:00

1.3 KiB

Security policy

Thanks for taking the time to look at this. Even small tools can introduce real risk — this one binds a privileged UDP port and reconfigures a network adapter on the host — so vulnerability reports are very welcome.

Supported versions

Only the latest tagged release is supported. Older versions will not get fixes; please upgrade first.

How to report a vulnerability

Please do not open a public issue for security-sensitive findings.

Report privately by email to the maintainer at engelgardt2024@gmail.com.

Please include:

  • The version you tested (the startup banner is enough).
  • Steps to reproduce, ideally with a packet capture or a short script.
  • An assessment of impact (LAN-only? remote? admin needed? etc.).

Reports are reviewed and addressed on a best-effort basis. A fix and a public advisory will be published once the issue is resolved. Reporters are credited unless they prefer to stay anonymous.

Out of scope

  • DoS by flooding the DHCP server on the local link (it's a small tool meant for direct-cable / single-switch use; flooding your own laptop is your call).
  • Behavior when run without administrator privileges (the tool refuses to start in that case anyway).
  • Issues that require the attacker to already control the user's machine.