| Version | Supported |
|---|---|
| 1.2.x | Yes |
| < 1.2 | No |
If you discover a security vulnerability in Chainsmith Recon, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, email security@infosecinnovations.com with:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We aim to acknowledge reports within 48 hours and provide a fix or mitigation within 7 days for critical issues.
This policy covers vulnerabilities in the Chainsmith Recon framework itself. It does not cover:
- Findings discovered by Chainsmith when scanning targets (those belong to the target owner)
- Third-party dependencies (report those upstream, but let us know so we can update)
Chainsmith Recon is designed for authorized security testing only. Users are responsible for obtaining proper authorization before scanning any target. See LICENSE for details.