6c7cdc6421
- Escape $serverObject and $systemUrl in AdminHTML.php heredocs to prevent XSS - Add null guard in Database::getSystemUrl() to prevent fatal error - Guard primaryNetwork access in module.js to prevent null dereference - Reset badge/traffic-bar CSS classes on refresh to prevent accumulation - Add VNC popup-blocked check with user-facing message - Add BS3 input-group-btn dual class for theme compatibility - Escape billing template variables with |escape:'htmlall' - Add cache-busting to admin CSS/JS includes - Switch cache-busting format from version to date-based (20260207) - Create .releaserc.json for automated CHANGELOG.md management - Add changelog/git plugins to semantic-release workflow - Remove manual [Unreleased] section from CHANGELOG.md - Update README: install/upgrade with rsync, accuracy fixes, add keygen.js - Update CLAUDE.md: add keygen.js, document removed features - Fix SECURITY.md grammar and version operator Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
499 B
499 B
Security Policy
Supported Versions
Supported VirtFusion versions:
| Version | Supported |
|---|---|
| >= 1.7.3 | ✅ |
| < 1.7.3 | ❌ |
Reporting a Vulnerability
If you find a vulnerability, please report it to us by going to the security tab and click on Report a vulnerability.