Important
Domain Locker (self-hosted) comes with no warranty. Use at your own risk. The security of your data is your responsibility.
Domain Locker is designed with security in mind, but no software is immune to vulnerabilities. This document outlines our security policy, including how we handle vulnerabilities, supported versions, and how to report security issues.
For the security policy of the managed instance (domain-locker.com), please refer to Legal → Security.
For self-hosted users, it is your responsibility to ensure the security of your instance. Implementing proper access controls, applying regular updates and following security best practices are crucial.
We only provide security updates for the latest major version of Domain Locker and its active minor releases. Users running older versions are strongly encouraged to upgrade.
If you discover a security vulnerability in the Domain Locker application, please report it to us immediately. We take security seriously and will work with you to resolve the issue promptly.
Send an email to [email protected] with the subject line "Domain Locker Security Issue". Include the following in your report:
- A detailed description of the vulnerability.
- Steps to reproduce the issue.
- Any relevant screenshots or logs.
- Your contact information (optional, but helpful for follow-up).
We will acknowledge your report within 48 hours and aim to provide a fix or mitigation plan within 28 days, depending on the severity of the issue.
Please do not publicly disclose the vulnerability until we have had a chance to address it. We will coordinate with you on the timeline for public disclosure once the issue is resolved.
The following are out of scope:
- Issues that are not related to the Domain Locker application itself (e.g., server configuration, third-party services).
- Issues that require physical access to the server or user devices.
- Issues that are already publicly known or documented.
- Issues that are not reproducible or lack sufficient detail for investigation.
- Issues solely due to known vulnerable third-party packages (such as npm dependencies), unless they lead to an actual exploit within Domain Locker.