| Version | Supported |
|---|---|
| latest | Yes |
Do NOT open a public issue for security vulnerabilities.
Instead, please report security issues via:
- Email: security@pentest-labs.io
- GitHub Security Advisories: Create a private advisory
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 7 days
- Fix Release: Within 30 days for critical issues
This platform runs untrusted code in containers. Security is multi-layered:
- No privileged containers
- All capabilities dropped (
cap_drop: ALL) no-new-privilegesenforced- Seccomp profiles applied
- No host mounts from user templates
- No Docker socket access for zone containers
- Each zone gets an isolated Docker bridge network
- No inter-zone communication possible
- Internet egress denied by default
- Only declared ingress ports exposed via Traefik
- CPU, memory, PID limits per container
- Disk quotas per zone
- Zone TTL enforcement (auto-destroy)
- Maximum concurrent zones per user
- JWT authentication with short-lived tokens
- Rate limiting at Traefik level (auth: 10/min, API: 100/min, AI: 40/hr)
- Input validation on all endpoints
- CORS restricted to configured origins
- Flag values never sent to AI providers
- Output filtering for flag patterns
- Rate limiting per user per zone
- All AI conversations logged for audit
- Schema validation on import
- Image allowlist enforcement
- No privileged container declarations allowed
- No host mount declarations allowed
- Admin approval required for new templates
- Zone containers share the host kernel (container escape is a theoretical risk)
- Terminal sessions are not encrypted end-to-end (rely on HTTPS transport)
- AI flag-leak prevention is heuristic-based (not cryptographically guaranteed)
We follow responsible disclosure practices. Reporters will be credited in the changelog unless they prefer anonymity.