Reporting a Vulnerability

We strongly encourage you to report potential security vulnerabilities to us first, before disclosing them in a public forum. Report any security vulnerabilities via email to send one plain-text email for each vulnerability you are reporting.  We can then request more details later (screenshots, videos, etc.) in a secure manner. Patched vulnerabilities are noted in our release notes.  Before reporting any vulnerabilities, please make sure a patch is not already available.

Vulnerability Handling

A high-level overview of our vulnerability handling process:

  1. A vulnerability is reported privately via email to Green Rocket Security
  2. If necessary, further information is gathered securely
  3. Green Rocket Security reviews and assesses the vulnerability
  4. Green Rocket Security includes a patch/fix in a subsequent GreenRADIUS update to address the vulnerability