| Version | Supported |
|---|---|
| 0.1.x | ✅ |

If you discover a security vulnerability in LogWatcher, please report it responsibly:

- Do not open a public issue
- Email the maintainer directly: [email protected]
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)

LogWatcher is designed with security in mind:

- File Access: Only reads files specified by the user
- No Network Access: Does not send data over the network
- Local Processing: All pattern matching and processing happens locally
- Minimal Permissions: Only requires read access to log files

When using LogWatcher:

- File Permissions: Ensure log files have appropriate permissions
- Pattern Validation: Be careful with regex patterns to avoid ReDoS attacks
- Resource Limits: Monitor memory usage with large log files
- Regular Updates: Keep LogWatcher updated to the latest version

Response timeline:

- Acknowledgment: Within 48 hours
- Initial Assessment: Within 1 week
- Fix Development: Within 2-4 weeks (depending on severity)
- Release: As soon as the fix is tested and verified

Security measures in LogWatcher:

- Input validation for all CLI arguments
- Safe file handling with proper error checking
- Memory-efficient streaming to prevent OOM attacks
- No execution of external commands or scripts