If you discover a security vulnerability in xfetch, please report it responsibly by contacting:
Email: x@xscriptor.com
When reporting a security issue, please provide:
- Description — A clear explanation of the vulnerability
- Type — What kind of security issue is it? (e.g., buffer overflow, injection, privilege escalation, etc.)
- Steps to Reproduce — Detailed steps to trigger the vulnerability
- Impact — How severe is the issue? What could an attacker do?
- Affected Versions — Which versions of xfetch are affected?
- Proposed Fix (optional) — If you have a suggestion for how to fix it
- Do not open public GitHub issues for security vulnerabilities
- Do not disclose the vulnerability publicly until a fix is released
- Do give the maintainers reasonable time to address the issue before public disclosure
- Typically, we aim to respond within 7 days and release a fix within 30 days for critical issues
While xfetch is designed to be safe, keep these recommendations in mind:
- Keep updated — Always use the latest version of xfetch
- Verify downloads — Check checksums when downloading binaries
- Configuration privacy — Be careful when sharing custom configs that may contain sensitive paths
- Network features — If using IP detection features, be aware of potential privacy implications
- Third-party plugins — Only use plugins from trusted sources if the plugin system is enabled
| Version | Status | Support Until |
|---|---|---|
| latest | Active | latest |
Security fixes will be released as soon as possible. Critical vulnerabilities will receive priority treatment.
Thank you for helping keep xfetch secure!