Only the latest release of delinea-netconfig receives security fixes.
| Version | Supported |
|---|---|
| Latest | Yes |
| Older | No |
Please do not report security vulnerabilities through public GitHub issues.
To report a vulnerability, email security@delinea.com with the subject line `[delinea-netconfig] Security Vulnerability`.
Please include as much of the following as possible:
- A description of the vulnerability and its potential impact
- The version(s) affected
- Steps to reproduce or a proof-of-concept
- Any suggested mitigations, if known
| Milestone | Target |
|---|---|
| Acknowledgment of report | 3 business days |
| Initial assessment and severity determination | 7 business days |
| Status update | Every 14 days until resolved |
| Fix and release | Depends on severity; critical/high issues are prioritized |
We follow coordinated disclosure. We ask that you:
- Allow us reasonable time to investigate and release a fix before public disclosure
- Not exploit the vulnerability beyond what is necessary to demonstrate the issue
Once a fix is released, we will publish a security advisory crediting the reporter (unless anonymity is requested).
The following are in scope for security reports:
- The delinea-netconfig CLI binary and its dependencies
- The Docker container image (`ghcr.io/delineaxpm/delinea-netconfig`)
- The install script (`install.sh`)
- The GitHub Actions CI/CD pipelines

The following are out of scope:
- The `setup.delinea.app` network requirements endpoint (report those to Delinea support)
- Vulnerabilities in output files generated by the tool when imported into third-party systems
- Issues in third-party dependencies that are already publicly known and tracked upstream
- Social engineering or phishing attacks