This document outlines the security practices and vulnerability reporting procedures for Socrates Blade.
The following versions of Socrates Blade are currently supported with security updates:
| Version | Supported |
|---|---|
| 3.2.x | ✅ |
| 3.1.x | ❌ |
| 3.0.x | ❌ |

If you discover a security vulnerability in Socrates Blade, please report it responsibly:
- Do NOT create a public GitHub issue for security vulnerabilities
- Email the maintainers privately instead
- Include as much detail as possible
When reporting a vulnerability, please include:
- Type of vulnerability
- Full paths of source file(s) related to the vulnerability
- Location of the affected code (line numbers)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact assessment
We aim to acknowledge vulnerability reports within 48 hours and provide a timeline for fixes.
- Only test systems you own or have written permission to test
- Review local laws before use
- Do not use on production systems without proper authorization
- Follow responsible disclosure practices
- Keep your installation updated
- Never commit secrets, keys, or credentials
- Sanitize all inputs and outputs
- Use parameterized queries to prevent SQL injection
- Validate and sanitize user input
- Follow secure coding practices
When security updates are released:
- A security advisory will be published on GitHub
- Users will be notified to update
- The vulnerability details will be disclosed after fixes are available
Socrates Blade is a security testing tool designed for authorized security testing only.
Intended Use:
- Security audits of your own applications
- Penetration testing with proper authorization
- Vulnerability assessment
Not Intended For:
- Unauthorized access to third-party systems
- Malicious purposes
- Attacking systems without permission
We believe in crediting researchers who responsibly disclose vulnerabilities. If you would like to be credited, include your name and preferred contact in the report.
For security-related matters, please contact the maintainers through GitHub's private vulnerability reporting.
Last Updated: April 2026

Maintained by: Volunteers