Currently supported versions of Tingly-Box via Homebrew:
| Version | Supported |
|---|---|
| Latest release | ✅ |
| Previous releases |

If you discover a security vulnerability, please report it responsibly.
Do NOT open a public issue.
Instead, send your report privately:
- Email: Send details to the security team at the project's security contact
- GitHub Advisory: Use GitHub's private vulnerability reporting
Please include as much of the following information as possible:
- Description: A clear description of the vulnerability
- Steps to Reproduce: Detailed steps to reproduce the issue
- Impact: Potential impact of the vulnerability
- Affected Versions: Which versions are affected
- Proposed Fix (optional): If you have a fix, please include it
- Initial Response: Within 48 hours
- Detailed Response: Within 7 days
- Fix Timeline: Depends on severity and complexity
- Verification: We will verify the vulnerability
- Assessment: Determine severity and impact
- Fix Development: Develop a patch
- Release: Coordinate release of fix
- Disclosure: Public disclosure after fix is available
The Homebrew formula installs Tingly-Box in user-space. Security considerations:
- Binaries are installed to `/usr/local/bin` or `/opt/homebrew/bin`
- Configuration files are stored in user home directory
- No system-level services are automatically enabled
- Network access is controlled by the application, not Homebrew
For Users:
- Keep Updated: Always use the latest version (`brew upgrade tingly-box`)
- Verify Checksums: Homebrew automatically verifies SHA256 checksums
- Review Permissions: Be aware of network and file permissions
- Report Issues: Report suspicious behavior immediately
Periodic security audits are conducted to ensure:
- Dependencies are up-to-date
- No known vulnerabilities in dependencies
- Secure coding practices are followed
- Proper input validation and sanitization
The formula includes:
- Direct binary downloads from official releases
- SHA256 checksum verification
- No build-time dependencies
- No runtime dependencies that affect security
We follow responsible disclosure practices:
- Private report and verification
- Fix development and testing
- Coordinated release
- Public disclosure with fix
For general security questions:
- Open an issue with the "security" label
- Contact the maintainers privately for sensitive matters
We thank all researchers who responsibly report vulnerabilities to help improve Tingly-Box security.