If you discover a security vulnerability in SSH-MITM, please report it privately and responsibly.
Do not create public issues or pull requests that contain details about the vulnerability.
Instead, use GitHub's private Security Advisories feature:
- Go to SSH-MITM's Security Advisories page
- Click "Report a vulnerability"
Alternatively, you can reach us by email at support@ssh-mitm.at.
We aim to respond within 7–14 business days and will keep you informed throughout the process.
Security updates are provided for the latest release only. Please update to the latest version to receive all security patches.
| Version | Supported |
|---|---|
| Latest | ✅ |
| Older | ❌ |
After receiving your report, we will:
- Confirm receipt of the report
- Investigate and assess the impact
- Develop a fix and prepare a release
- Coordinate public disclosure with you so users have time to upgrade
If you wish, contributors who report security vulnerabilities will be acknowledged in the release notes of the corresponding patch.
We appreciate responsible disclosures and are committed to resolving vulnerabilities in a timely manner. Thank you for helping keep SSH-MITM secure.