Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork4.8k
Security: rclone/rclone
Security
SECURITY.md
If you discover a security vulnerability in the rclone project, please follow these steps:
- Do Not Publicly Disclose: Do not raise an issue in the public issue tracker or disclose the vulnerability publicly until it has been resolved.
- Use GitHub's Reporting Interface:
- Navigate to theGitHub Security Advisories page for rclone.
- Provide a detailed description of the issue, including steps to reproduce it if possible.
We will acknowledge receipt of your report within48 hours and provide updates as we investigate and address the issue.
The following versions of rclone are currently supported with security updates:
| Version | Supported |
|---|---|
| Latest release | ✅ Yes |
| Older releases |
Please note that versions beyond one year of their release may not receive security patches.
- Investigation: The security team investigates the report and assesses its impact.
- Fix Development: A patch is developed in a private branch to resolve the issue.
- Testing: The fix undergoes thorough testing to ensure it resolves the vulnerability without introducing regressions.
- Public Release: The patch is merged, and a new release is published.
- Disclosure: A public advisory is issued detailing the vulnerability and its resolution.
To protect the users of rclone, we request that you adhere to the following responsible disclosure guidelines:
- Allow sufficient time for the issue to be addressed before discussing it publicly.
- Work with us to verify the fix and ensure the vulnerability is resolved.
Thank you for helping to keep rclone secure!
- Improper Permission and Ownership Handling on Symlink Targets with --links and --metadataGHSA-hrxh-9w67-g4cv published
Nov 15, 2024 byncwModerate
Learn more about advisories related torclone/rclone in theGitHub Advisory Database