Skip to content

Security: arkanzasfeziii/Ghost

Security

SECURITY.md

Security Policy

Supported Versions

Version Supported
1.0.x

Reporting a Vulnerability

If you discover a security vulnerability in Ghost, please report it responsibly:

  1. Do not open a public GitHub issue.
  2. Contact the maintainer directly via GitHub private message to @arkanzasfeziii.
  3. Include:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

Response Timeline

  • Acknowledgment: Within 48 hours.
  • Assessment: Within 7 days.
  • Fix release: Within 30 days for confirmed vulnerabilities.

Scope

This security policy covers vulnerabilities in the Ghost framework code itself. It does not cover vulnerabilities discovered in target systems during authorized penetration testing.

Responsible Disclosure

We follow a coordinated disclosure process. We ask that you give us reasonable time to address the issue before making any information public.

There aren't any published security advisories