Currently, Duck is in early development with only one version released. Security updates and fixes will be addressed on a best-effort basis.
| Version | Supported? |
|---|---|
| 1.0.1 | ✅ Security updates provided |
Future versions will follow a more structured support timeline.
If you discover a security vulnerability in Duck, please report it responsibly by following these steps:
- Do not disclose the vulnerability publicly until it has been reviewed and patched.
- Submit a report by opening a private discussion via GitHub Security Advisories:
- Alternatively, you can email the security team at:
📧 digreatbrian@gmail.com - Include as much detail as possible:
- Steps to reproduce the vulnerability
- The affected version(s)
- Possible attack scenarios and impact
- We will acknowledge receipt of your report within 48 hours.
- An initial assessment will be conducted within 7 days.
- If confirmed, we will develop a patch or workaround and release a security advisory.
- Responsible disclosure will be coordinated with you before making any details public.
While Duck is still in development, we encourage users to follow best security practices when deploying it:
- Use a Web Application Firewall (WAF) to mitigate potential attacks.
- Limit access to the admin panel and other sensitive endpoints.
- Regularly update Duck to receive security patches.
For any security concerns, please reach out via the official reporting channels.
Thank you for helping keep Duck secure! 🦆