Skip to content

Security: zmartzone/lua-resty-openidc

Security

SECURITY.md

Security Policy

Supported Versions

Security fixes are provided for the latest released version of lua-resty-openidc.

Older versions may receive security fixes at the maintainers' discretion.

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

If you believe you have found a security vulnerability, please report it privately using GitHub's private vulnerability reporting, if available, or contact the maintainers directly.

When reporting a vulnerability, please include:

  • A description of the issue
  • Steps to reproduce the behavior
  • Affected lua-resty-openidc versions
  • Relevant OpenResty, NGINX, and dependency versions
  • Any known mitigations or workarounds

The maintainers will review the report and coordinate disclosure once the issue has been assessed and, where appropriate, a fix is available.

Scope

Security vulnerabilities may include issues affecting authentication, authorization, token validation, session handling, redirect handling, cryptographic validation, or disclosure of sensitive information.

General bugs, configuration questions, and feature requests should be reported through regular GitHub issues.

There aren't any published security advisories