We release patches for security vulnerabilities. The following versions are currently being supported with security updates:
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |
We take the security of Network Switcher seriously. If you believe you have found a security vulnerability, please report it to us as described below.
- Open a public GitHub issue for security vulnerabilities
- Discuss the vulnerability in public forums, social media, or mailing lists
- Email: Send details to the repository maintainer (check GitHub profile for contact)
- Include:
- Type of issue (e.g., privilege escalation, command injection, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it
- Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours
- Initial Assessment: We will provide an initial assessment within 5 business days
- Updates: We will keep you informed about our progress towards a fix
- Fix Timeline: We aim to release security fixes within 30 days of initial report
- Credit: We will credit you in the security advisory (unless you prefer to remain anonymous)
Network Switcher requires access to NetworkManager (nmcli) commands. This means:
- The application can modify network connections
- It can enable/disable network interfaces
- It requires user-level permissions (not root)
- The application uses systemd user services
- It requires access to the system tray/notification area
- It reads environment variables for display configuration
We rely on the following dependencies:
- Python 3.6+
- pystray (system tray integration)
- Pillow (image processing)
- NetworkManager (system-level network management)
Please keep these dependencies updated to their latest secure versions.
For users:
- Only install from official sources
- Verify the integrity of downloaded files
- Keep Python and dependencies updated
- Review the source code before installation
- Use the provided installation scripts (they include security checks)
For developers:
- Follow secure coding practices
- Validate all user inputs
- Use subprocess with proper argument handling
- Avoid shell injection vulnerabilities
- Handle errors gracefully without exposing sensitive information
- Privilege Level: The application runs with user privileges and can only modify network connections that the user has permission to modify
- Command Execution: The application executes
nmclicommands using subprocess - Service Permissions: When run as a systemd service, it inherits the user's permissions
Security updates will be:
- Released as patch versions (e.g., 1.0.1)
- Documented in CHANGELOG.md
- Announced in GitHub releases
- Tagged with the
securitylabel
We would like to thank the security researchers and users who responsibly report vulnerabilities to help keep Network Switcher secure.
Last Updated: November 12, 2025