This document describes how to report security issues in the oletools project.
The following table shows which versions of the oletools project are currently being supported with security updates:
| Version | Supported |
|---|---|
| <0.60.x | ❌ |
| >=0.60.x | ✅ |
If you would like to report a vulnerability affecting the oletools project, you may use the link "Report a vulnerability" on Github.
If you prefer not to use Github, please send a first email to decalage at laposte dot net, without giving technical details. You will then be provided with a GPG public key to send encrypted emails.
Alternatively you may also contact me via X/Twitter, Mastodon or BlueSky using private messages (see https://linktr.ee/decalage) to get the GPG key.
Please note that oletools is a non-commercial open-source project maintained on my spare time. I will do my best to answer in due time and fix vulnerabilities.