AdGuardHome/SECURITY.md

# Security Policy

## Reporting vulnerabilities

Please send your vulnerability reports to <security@adguard.com>.  To make sure that your report reaches us, please:

1. Include the words “AdGuard Home” and “vulnerability” to the subject line as well as a short description of the vulnerability.  For example:

   > AdGuard Home API vulnerability: possible XSS attack

1. Make sure that the message body contains a clear description of the vulnerability.

If you have not received a reply to your email within 7 days, please make sure to follow up with us again at <security@adguard.com>.  Once again, make sure that the word “vulnerability” is in the subject line.
Pull request 2181: imp-docs Squashed commit of the following: commit 1f7be03896a6eaf0a292e4c7e9a7ef7c712ed734 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Mar 21 13:35:37 2024 +0300 all: use standard md style in some docs 2024-03-21 13:51:08 +03:00			`# Security Policy`
Pull request: HOFTIX-csrf Merge in DNS/adguard-home from HOFTIX-csrf to master Squashed commit of the following: commit 75ab27bf6c52b80ab4e7347d7c254fa659eac244 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Sep 29 18:45:54 2022 +0300 all: imp cookie security; rm plain-text apis 2022-09-29 19:04:26 +03:00
Pull request 2181: imp-docs Squashed commit of the following: commit 1f7be03896a6eaf0a292e4c7e9a7ef7c712ed734 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Mar 21 13:35:37 2024 +0300 all: use standard md style in some docs 2024-03-21 13:51:08 +03:00			`## Reporting vulnerabilities`
Pull request: HOFTIX-csrf Merge in DNS/adguard-home from HOFTIX-csrf to master Squashed commit of the following: commit 75ab27bf6c52b80ab4e7347d7c254fa659eac244 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Sep 29 18:45:54 2022 +0300 all: imp cookie security; rm plain-text apis 2022-09-29 19:04:26 +03:00
Pull request 2181: imp-docs Squashed commit of the following: commit 1f7be03896a6eaf0a292e4c7e9a7ef7c712ed734 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Mar 21 13:35:37 2024 +0300 all: use standard md style in some docs 2024-03-21 13:51:08 +03:00			`Please send your vulnerability reports to <security@adguard.com>. To make sure that your report reaches us, please:`
Pull request: HOFTIX-csrf Merge in DNS/adguard-home from HOFTIX-csrf to master Squashed commit of the following: commit 75ab27bf6c52b80ab4e7347d7c254fa659eac244 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Sep 29 18:45:54 2022 +0300 all: imp cookie security; rm plain-text apis 2022-09-29 19:04:26 +03:00
Pull request 2181: imp-docs Squashed commit of the following: commit 1f7be03896a6eaf0a292e4c7e9a7ef7c712ed734 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Mar 21 13:35:37 2024 +0300 all: use standard md style in some docs 2024-03-21 13:51:08 +03:00			`1. Include the words “AdGuard Home” and “vulnerability” to the subject line as well as a short description of the vulnerability. For example:`
Pull request: HOFTIX-csrf Merge in DNS/adguard-home from HOFTIX-csrf to master Squashed commit of the following: commit 75ab27bf6c52b80ab4e7347d7c254fa659eac244 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Sep 29 18:45:54 2022 +0300 all: imp cookie security; rm plain-text apis 2022-09-29 19:04:26 +03:00
Pull request 2181: imp-docs Squashed commit of the following: commit 1f7be03896a6eaf0a292e4c7e9a7ef7c712ed734 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Mar 21 13:35:37 2024 +0300 all: use standard md style in some docs 2024-03-21 13:51:08 +03:00			`> AdGuard Home API vulnerability: possible XSS attack`
Pull request: HOFTIX-csrf Merge in DNS/adguard-home from HOFTIX-csrf to master Squashed commit of the following: commit 75ab27bf6c52b80ab4e7347d7c254fa659eac244 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Sep 29 18:45:54 2022 +0300 all: imp cookie security; rm plain-text apis 2022-09-29 19:04:26 +03:00
Pull request 2182: AG-20945-rule-list-id Squashed commit of the following: commit 87bad8c1c202902f344ad75c7b767f03d5123a4a Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Mar 21 16:39:12 2024 +0300 all: imp lint, names, tests commit 284f8c7cc0c26d443342ad3d39007152714c0799 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Mar 21 15:37:54 2024 +0300 filtering: imp id handling 2024-03-21 18:45:34 +03:00			`1. Make sure that the message body contains a clear description of the vulnerability.`
Pull request: HOFTIX-csrf Merge in DNS/adguard-home from HOFTIX-csrf to master Squashed commit of the following: commit 75ab27bf6c52b80ab4e7347d7c254fa659eac244 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Sep 29 18:45:54 2022 +0300 all: imp cookie security; rm plain-text apis 2022-09-29 19:04:26 +03:00
Pull request 2181: imp-docs Squashed commit of the following: commit 1f7be03896a6eaf0a292e4c7e9a7ef7c712ed734 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Mar 21 13:35:37 2024 +0300 all: use standard md style in some docs 2024-03-21 13:51:08 +03:00			`If you have not received a reply to your email within 7 days, please make sure to follow up with us again at <security@adguard.com>. Once again, make sure that the word “vulnerability” is in the subject line.`