We release security patches for the following versions:

We recommend always running the latest version for the best security.

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them privately via one of these methods:

1. Go to the Security tab
2. Click "Report a vulnerability"
3. Fill out the form with details

Send details to the repository owner via GitHub (check profile for contact info).

Please include as much of the following information as possible:

• Type of vulnerability (e.g., SQL injection, XSS, authentication bypass)
• Affected component (Agent, Server, Web UI, API)
• Version(s) affected
• Step-by-step instructions to reproduce
• Proof-of-concept or exploit code (if available)
• Impact assessment
• Any suggested fixes

• Initial Response: Within 72 hours
• Status Update: Within 7 days
• Fix Timeline: Depends on severity
  • Critical: 1-7 days
  • High: 7-14 days
  • Medium: 14-30 days
  • Low: Next regular release

When deploying PrintMaster:

• Run agents on isolated management VLANs when possible
• Use firewall rules to restrict agent-server communication
• Don't expose the server directly to the internet without a reverse proxy

• Change the default admin password immediately
• Use strong, unique passwords
• Enable TLS for agent-server communication in production

# Recommended: Enable TLS
[server]
tls_cert = "/path/to/cert.pem"
tls_key = "/path/to/key.pem"

# Use token authentication for agents
[agents]
require_token = true

• Don't run containers as root when possible
• Use read-only file systems where feasible
• Keep images updated

• Use SNMPv2c with non-default community strings
• Consider SNMPv3 for sensitive environments (future feature)
• Restrict SNMP access at the printer level

SNMP community strings are stored in the configuration file. Protect this file with appropriate permissions:

# Linux
chmod 600 /etc/printmaster/config.toml

# Or use environment variables
export SNMP_COMMUNITY="your-community-string"

• Sessions expire after inactivity
• Cookies are HTTP-only and secure (when using TLS)
• CSRF protection is enabled

• Agent-to-server communication uses token authentication
• API endpoints require authentication
• Rate limiting is recommended via reverse proxy

Security updates are announced via:

• GitHub Releases (tagged with security label when applicable)
• Release notes in CHANGELOG

Subscribe to releases to stay informed:

1. Click "Watch" on the repository
2. Select "Custom" → "Releases"

We appreciate responsible disclosure. Contributors who report valid security issues will be acknowledged (unless they prefer to remain anonymous).

Thank you for helping keep PrintMaster secure! 🔐