In accordance with the Apache 2 license terms, Xyna is offered "as is" and without any guarantee or warranty. Although its developers make every reasonable effort to ensure that the product remains free of security vulnerabilities, users are ultimately responsible for evaluating each software release and for operating it only in secured environments, especially if Xyna is used for network management in critical infrastructures.
All users responsible for operating Xyna installations are required to apply best practices concerning the secure operation of software, such as:
- Do not expose Xyna installations to the public Internet without additional safety measures such as WAFs / NG-Firewalls / IPS etc.
- Enforce a password policy for all user accounts
- Apply best practices for security and update / patch policies in the configuration of the database and web servers, as well as any other third-party components that may complement Xyna's infrastructure
- Keep your Xyna deployment updated to the most recent stable release
- Report all identified vulnerabilities, to strengthen Xyna sustainably and to create value for the community
Xyna is a free and open platform. No commercial terms, no lock-in effects, no dependencies, no barriers to entry. And like any software, Xyna contains bugs. We appreciate any feedback and contributions here on GitHub.
If you believe you've uncovered a security vulnerability and wish to report it confidentially rather than publicly on GitHub, you may do so via email. Please note that reported vulnerabilities should meet the following conditions:
- It is related to a current release of Xyna
- It is reproducible following a described set of instructions
Please email a brief description of the suspected bug and instructions for reproduction to [email protected].
As Xyna is provided as free and open source software, we do not offer monetary compensation for vulnerability reports; however, your contribution is appreciated.