| Version | Supported |
|---|---|
| Latest release | Yes |
| Older releases | No |
We only provide security fixes for the latest release. Please upgrade to the latest version before reporting.
Do NOT open a public GitHub issue for security vulnerabilities.
Report via our Discord server with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment within 48 hours
- Assessment within 1 week
- Fix within 90 days (critical vulnerabilities prioritized)
- Credit in the release notes (unless you prefer to remain anonymous)
The following are in scope:
- AnakinScraper server (
server/) - Browser service (
browser-service/) - Docker configuration
- Default configurations that could lead to security issues
The following are out of scope:
- Issues in third-party dependencies (report to the upstream project)
- Issues that require physical access to the server
- Social engineering attacks