We currently support and maintain the main branch of rKitPvP. At time of writing there are no releases available.
If you discover a security vulnerability (e.g. duplication bug, command injection, data leak), please do not open a public issue.
Instead, report it privately by emailing:
📧 [email protected]
Or
📬 Open a GitHub security advisory (if available on this repo)
We aim to respond within 48 hours.
This policy covers:
- Plugin-level exploits (e.g. unsafe commands, coin farming, config bypasses)
- Code-level vulnerabilities (e.g. SQL injection, unsafe reflection)
Out-of-scope issues:
- Bugs unrelated to security
- Poor performance
- Conflicts with third-party plugins