Security fixes are prioritized for:
| Branch / release line | Status |
|---|---|
main |
actively supported |
| latest tagged release | actively supported |
| older releases | best effort only |
If you run an older release, upgrade first and re-test before reporting.
Please do not open public issues for security problems.
Use GitHub private vulnerability reporting:
Include:
- affected version (
mtproto-proxy --version) - deployment model (bare metal / VM / container)
- minimal reproduction steps
- impact and attack preconditions
- logs/config snippets with secrets removed
- initial acknowledgment: within 72 hours
- triage update: within 7 days
- fix timeline: depends on severity and reproducibility
Please allow maintainers time to patch before public disclosure. Coordinated disclosure is preferred for all critical and high-severity issues.