We actively maintain security for the following versions:
| Version | Supported |
|---|---|
| 1.0.x | Yes |
| < 1.0 | No |
We take security seriously. If you discover a security vulnerability, please follow these steps:
DO NOT create a public GitHub issue for security vulnerabilities. Instead:
- Email us directly at: security@acshadows-offline.com
- Use our security form: Security Report Form
- Contact maintainers via Discord: Security Channel
When reporting a vulnerability, please provide:
- Description: Clear explanation of the issue
- Steps to reproduce: Detailed reproduction steps
- Impact assessment: Potential damage/risk level
- Suggested fix: If you have ideas for resolution
- Timeline: When you discovered the issue
- Initial response: Within 24 hours
- Status update: Within 3 days
- Resolution: Within 30 days (depending on complexity)
- Input validation and sanitization
- Authentication and authorization
- Data encryption and protection
- Secure file handling
- Memory safety and buffer overflows
- Secure communication protocols
- API endpoint protection
- Rate limiting and DDoS protection
- SSL/TLS implementation
- Certificate validation
- Anti-cheat system integrity
- Save file protection
- Modding security considerations
- Performance monitoring
- Resource usage validation
- Multi-factor authentication for admin access
- Role-based access control
- Session management
- Token-based authentication
- Secure password policies
- Encryption at rest and in transit
- Secure key management
- Data anonymization
- Privacy compliance (GDPR, CCPA)
- Regular security audits
- Regular security updates
- Vulnerability scanning
- Intrusion detection
- Backup security
- Disaster recovery plans
- Static code analysis
- Dependency vulnerability scanning
- Automated security tests
- Penetration testing
- Code quality checks
- Security code reviews
- Manual penetration testing
- Social engineering tests
- Physical security audits
- Third-party security assessments
- Code follows security best practices
- No hardcoded credentials
- Input validation implemented
- Error handling doesn't leak information
- Dependencies are up to date
- Security tests included
- Download from official sources only
- Verify file checksums
- Keep software updated
- Use antivirus software
- Report suspicious activity
- Follow security guidelines
We recognize security researchers who help improve our security:
- Security Researchers: Find and report vulnerabilities
- Code Reviewers: Identify security issues in code
- Documentation Contributors: Improve security docs
- Community Moderators: Maintain secure environment
- Bug bounty: Rewards for critical vulnerabilities
- Acknowledgments: Public recognition for contributions
- Swag: Security researcher merchandise
- Partnership: Long-term collaboration opportunities
- Detection: Identify and confirm security incident
- Assessment: Evaluate impact and scope
- Containment: Isolate and contain the threat
- Eradication: Remove the threat completely
- Recovery: Restore normal operations
- Lessons Learned: Document and improve
- Security Team: security@acshadows-offline.com
- Emergency Hotline: +1-XXX-XXX-XXXX
- Discord Emergency: #security-emergency
- On-Call Engineer: @security-oncall
- Monthly: Security dependency updates
- Quarterly: Security policy review
- Annually: Comprehensive security audit
- As needed: Critical security patches
- Critical: Immediate action required
- High: Action required within 24 hours
- Medium: Action required within 7 days
- Low: Action required within 30 days
Thank you for helping keep our community secure! Your vigilance and responsible disclosure help protect everyone who uses our software.
Remember: Security is everyone's responsibility. Stay vigilant, report issues, and help us maintain a secure environment!