Our approach to handling vulnerability reports and securing the application lifecycle.
We take the security of Vaultr seriously. If you discover a vulnerability in the codebase, we ask that you adhere to responsible disclosure practices by providing us sufficient time to implement a fix before publicizing the flaw.
Currently, Vaultr does not maintain an active financial bug bounty program, but we appreciate and acknowledge all contributions that improve the project's resilience.
Please avoid creating public issues or pull requests for severe vulnerabilities.
Submit all sensitive security reports directly to:
akshaysbuilds@gmail.com
We apply security updates to the `main` branch. Forks and historically decoupled deployments are responsible for fetching the latest security patches manually.