Security updates are available for all versions.
If you discover a vulnerability, please report it responsibly to our security email: c2VjdXJpdHlAYWx0Y2hhLm9yZwo=.
When reporting a vulnerability, please include the following details to help us quickly assess the issue:
- Detailed steps to reproduce or a proof-of-concept
- Any relevant tools and their versions used
- Tool output and any logs or screenshots that may help
PGP Public Key: To ensure secure communication, please use our PGP public key when sending sensitive information:
-----BEGIN PGP PUBLIC KEY BLOCK-----
xjMEZtI2nxYJKwYBBAHaRw8BAQdA/RsvtqhwBMzb2lVbYgJ8jfbtOSW6X1Ju
eJGrTnc/w7rNKXNlY3VyaXR5QGFsdGNoYS5vcmcgPHNlY3VyaXR5QGFsdGNo
YS5vcmc+wowEEBYKAD4FgmbSNp8ECwkHCAmQQ77nSDCYPoIDFQgKBBYAAgEC
GQECmwMCHgEWIQTjdfm4rd39SCeb0WpDvudIMJg+ggAAQBYA/AhHznOMm5zg
L5NVtbEaVzjlGQgq935Ieg7i0ts/ulvSAQCifZduBr9W2Rlev2x4MIaN8PBY
eq/UQjyDIoi3s+bBAM44BGbSNp8SCisGAQQBl1UBBQEBB0DMbZpWAHLF9W2y
sFoTHPv0/9wBmd5HQHDFo30pYv6GGAMBCAfCeAQYFgoAKgWCZtI2nwmQQ77n
SDCYPoICmwwWIQTjdfm4rd39SCeb0WpDvudIMJg+ggAAB2gA/RCLvMElWMP3
Xb/GVjlYMKM+lP/+Vp6pEPp+oCfb5gg+AP9sTajrdA2GBv6Sc28/GZcbGEX2
OlJjTSxs11Oj8es+Bg==
=kb//
-----END PGP PUBLIC KEY BLOCK-----
- Acknowledgment: We will acknowledge receipt of your report within 48 hours.
- Assessment: We will assess the vulnerability and determine the impact and priority.
- Resolution: If the vulnerability is confirmed, we will work on a fix and inform you when it’s resolved.
- Disclosure: We follow responsible disclosure. Once a fix is available, we will coordinate with you to disclose the vulnerability to the public.
- ALTCHA Widget and any associated open-source code.
- ALTCHA SaaS platform and related services.
- Any third-party services or software not managed by ALTCHA.
- Automated tool or scan reports.
- Distributed Denial of Service (DDoS) attacks that require large volumes of data.
- Provisioning or usability issues.
- Flooding of feedback, comments, messages, etc.
- Issues related to networking protocols or industry standards.