Skip to content

Security: NebulaScriptIDE/Bound-in-Iron

Security

SECURITY.md

Security Policy

Reporting a Security Vulnerability

The security of Bound in Iron and its community is important.

If you discover a security vulnerability, please report it privately instead of creating a public issue.

Please include:

  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • The affected version or commit
  • Potential impact
  • Any proof-of-concept details that can help verify the issue

Do not publicly disclose security vulnerabilities until they have been investigated and addressed.


How to Report

To report a security issue, contact the project maintainers through the private security reporting options available in the repository.

If private reporting is unavailable, create a general discussion asking for a secure contact method. Do not include sensitive details in public posts.


Response Process

After receiving a security report, the maintainers will:

  1. Confirm that the report was received.
  2. Investigate and verify the issue.
  3. Determine the severity and impact.
  4. Develop a fix or mitigation.
  5. Release updates when appropriate.
  6. Credit the reporter if they wish to be recognized.

Response times may vary depending on the complexity of the issue.


Supported Versions

Security fixes will generally focus on actively maintained versions of Bound in Iron.

Version Supported
Latest Release Yes
Previous Release Limited
Older Releases No

Scope

Security reports may include issues involving:

  • Game vulnerabilities
  • Multiplayer security problems
  • Save file exploits
  • Account or authentication issues
  • Unauthorized access
  • Data privacy concerns
  • Vulnerabilities in tools or services connected to the project

Responsible Disclosure

Please follow responsible disclosure practices:

  • Do not exploit vulnerabilities beyond what is necessary to confirm the issue.
  • Do not access other users' data.
  • Do not disrupt services or servers.
  • Give maintainers reasonable time to investigate and fix issues before public disclosure.

Security Updates

Security updates will be announced through official project channels when appropriate.

Users are encouraged to keep their copy of Bound in Iron updated to receive the latest fixes and improvements.


There aren't any published security advisories