Only the latest release is actively supported with security updates.
If you discover a security vulnerability in ClusterIQ, please report it responsibly. Do not open a public GitHub issue.
- Email the maintainer directly (see repository contact info).
- Include a clear description of the vulnerability and reproduction steps.
- Allow reasonable time for a fix before any public disclosure.
ClusterIQ is designed to run locally as a SOC analyst tool. It should not be exposed directly to the internet without additional authentication and hardening.
- Alert JSON inputs are parsed server-side — do not accept untrusted input from external sources in production.
- The SQLite database (`clusteriq.db`) contains saved sessions — ensure it is not readable by untrusted users.
- The Flask development server (`debug: true`) must never be used in production.
- Issues in third-party dependencies (report to the respective project).
- Issues requiring physical access to the host machine.