| Version | Supported |
|---|---|
| 1.4.x | ✅ Active support |
| 1.3.x | ✅ Active support |
| < 1.3 | ❌ No longer supported |
If you discover a security vulnerability in RedstoneReboot, please do not open a public issue.
To report a security vulnerability, please use GitHub's Private Vulnerability Reporting feature at https://github.com/sdemonzdevelopment-spec/RedstoneReboot/security/advisories/new
Alternatively, you may report it privately through one of the following channels:
- Email: Contact the maintainer directly via the GitHub profile linked to DemonZ Development.
- Discord: Send a direct message to a team member in the DemonZ Development Discord.
We will acknowledge your report within 72 hours and aim to release a fix within 7 days for confirmed vulnerabilities.
Security reports are accepted for:
- Authentication bypass in the Pterodactyl backend (API key exposure, token leaks)
- Remote code execution through command injection
- Unintended file system access through
LocalScriptbackend or config parsing - Environment variable leakage through
BackendConfigproperty resolution
Reports about denial-of-service through intentional misconfiguration or features working as designed are out of scope.