We take the security of optimizerDuck and its users very seriously. Since optimizerDuck operates with system-level permissions to perform optimizations, maintaining a secure environment is our highest priority.
This document outlines our security policies and explains how to report any discovered vulnerabilities responsibly.
Currently, we only support the latest release of optimizerDuck for security updates. We strongly recommend that all users stay up to date with the latest version.
| Version | Supported | Description |
|---|---|---|
| Latest Release | ✅ | Receives all security patches and updates. |
| Older Versions | ❌ | No longer supported. Please update immediately. |
Please do not open a public issue for security-related matters.
If you discover a security vulnerability in optimizerDuck, we kindly ask that you responsibly disclose it to us privately so we can address it before it affects others.
You can report vulnerabilities using one of the following methods:
- Go to the optimizerDuck GitHub Repository.
- Navigate to the Security tab.
- Click on Advisories in the sidebar.
- Click the Report a vulnerability button.
- Provide a detailed description of the issue, including steps to reproduce it.
If you prefer, you can report the issue directly to the project maintainers via our official community server.
- Join the optimizerDuck Discord Server.
- Send a direct message to one of the Admins or Maintainers (or add the founder directly
itsfatduck). - Let us know you have found a security vulnerability and we will work with you to handle it privately.
Once you report a vulnerability, here is what you can expect from us:
- Acknowledgment: We aim to acknowledge your report within 48 hours.
- Investigation: We will investigate the issue and determine its potential impact. We may reach out to you if we need more information or specific steps to reproduce the vulnerability.
- Resolution: If the vulnerability is confirmed, we will work on a fix as quickly as possible.
- Disclosure: Once a patch is released and users have had a reasonable amount of time to update, we may publish a public security advisory giving you credit for the discovery (if you wish).
This security policy covers:
- The core optimizerDuck application (
itsfatduck/optimizerDuck). - The optimizerDuck website and documentation repository.
It does not cover:
- Vulnerabilities in third-party libraries or dependencies (though please report them so we can update our dependencies).
- Issues originating from the Windows operating system itself.
Thank you for helping keep optimizerDuck safe!