Security: AxenoDev/Yoki

SECURITY.md

Security Policy

Supported Versions

Yoki is under active development. Security fixes are applied to the latest version on the master branch.

Version Supported
latest
< 0.1

Reporting a Vulnerability

If you discover a security vulnerability in Yoki, please report it responsibly. Do not open a public GitHub issue for security-related problems.

Instead, report the vulnerability through one of the following channels:

If neither option is available, you may open a GitHub issue asking for a private contact method without disclosing any vulnerability details.

What to Include

Please provide as much information as possible to help us understand and reproduce the issue:

  • A description of the vulnerability and its potential impact
  • Steps to reproduce the issue
  • Affected versions or commits
  • Any proof-of-concept code or exploit details (if applicable)
  • Suggested fix or mitigation (if you have one)

Response Timeline

We aim to acknowledge reports within 48 hours and provide an initial assessment within 7 days. You will be kept informed of our progress toward a fix.

Disclosure Policy

  • We ask that you do not publicly disclose the vulnerability until a fix has been released and users have had reasonable time to update.
  • We will credit reporters in the release notes or advisory, unless you prefer to remain anonymous.
  • We follow coordinated disclosure practices and will work with you on an appropriate timeline.

Security Best Practices for Operators

When running Yoki in production:

  • Keep the proxy updated to the latest version
  • Do not expose the proxy port to the public internet without additional network-level protections
  • Run the proxy with the minimum required system privileges
  • Monitor logs for unusual connection patterns

Thank you for helping keep Yoki and its users safe.

There aren't any published security advisories