This policy outlines the supported server versions and the proper procedure for reporting potential security vulnerabilities for our server-side Minecraft anti-cheat plugin.
Our server supports stable versions of Paper and its forks (like Purpur). We recommend always running the latest stable version for optimal security and performance.
| Version | Status | Notes |
|---|---|---|
| 1.21.10 | Supported | This is the current recommended and tested version. |
| Older Versions | Unsupported | Versions older than 1.21.5 may contain known security risks and are not actively patched. |
| Newer Versions | Supported | New major versions are generally supported shortly after their stable release. |
If you discover a potential security issue, please follow these steps for responsible disclosure. Do NOT open a public issue on GitHub, post on social media, or disclose the vulnerability publicly before it is patched.
The ONLY approved channel for reporting vulnerabilities is via GitHub's Private Vulnerability Reporting feature. This ensures your report remains private and allows us to coordinate a patch efficiently.
- Navigate to the repository's Security tab.
- Click the "Report a vulnerability" button.
- Fill out the form with the required details listed below.
We aim to acknowledge receipt of your report and begin triage within 1-2 business days.
To help us fix the issue quickly and efficiently, please include the following details in your private report:
- A clear description of the vulnerability and its potential impact.
- Detailed steps to reproduce the issue consistently.
- Any suggested mitigations or patches (if you have them).
- Your preferred contact method if we need more information (e.g., your GitHub username or personal email).
We appreciate the community's help in keeping Minecraft servers secure. We will strive to fix all reported vulnerabilities as quickly as possible and provide public recognition (unless anonymity is requested) to responsible reporters who allow us time to patch the issue.