Skip to content

Security: HMB-research/uptime-kuma

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

  1. Please report security issues to https://github.com/louislam/uptime-kuma/security/advisories/new.
  2. Please also create an empty security issue to alert me, as GitHub Advisories do not send a notification, I probably will miss it without this. https://github.com/louislam/uptime-kuma/issues/new?assignees=&labels=help&template=security.md

Do not use the public issue tracker or discuss it in public as it will cause more damage.

Do you accept other 3rd-party bug bounty platforms?

At this moment, I DO NOT accept other bug bounty platforms, because I am not familiar with these platforms and someone has tried to send a phishing link to me by doing this already. To minimize my own risk, please report through GitHub Advisories only. I will ignore all 3rd-party bug bounty platforms emails.

Supported Versions

Uptime Kuma Versions

You should use or upgrade to the latest version of Uptime Kuma. All 1.X.X versions are upgradable to the latest version.

Upgradable Docker Tags

Tag Supported
1
1-debian
latest
debian
1-alpine ⚠️ Deprecated
alpine ⚠️ Deprecated
All other tags

There aren’t any published security advisories