Security fixes are applied to the latest released version of MSK Core. Please make sure you are running the most recent release before reporting an issue.
| Version | Supported |
|---|---|
| Latest release | Yes |
| Older versions | No |
Please do not report security vulnerabilities through public GitHub issues, pull requests, or the Discord public channels.
Instead, report them privately using one of these channels:
- Email: moritz.kohm@gmail.com
- Discord: send a direct message to the maintainer on the MSK Scripts Discord
When reporting, please include as much of the following as you can:
- A description of the vulnerability and its impact
- Steps to reproduce, or a proof of concept
- The affected version of MSK Core
- Your framework and inventory setup (ESX / QBCore / ox_core / STANDALONE, and the inventory bridge in use)
- We will acknowledge your report as soon as possible.
- We will investigate and keep you updated on the progress.
- Once a fix is ready, we will release it and credit you if you wish.
Please give us a reasonable amount of time to address the issue before any public disclosure. Thank you for helping keep MSK Core and its users safe.