IP = 34.198.54.185
robots.txtUser-agent: *
Disallow: /*-printable.html$
Look up this url in the url tool
https://docs.cfengine.com/.well-known/acme-challenge: 404 text/html
https://docs.cfengine.com/.well-known/csvm: 404 text/html
https://docs.cfengine.com/.well-known/nostr.json: 404 text/html
https://docs.cfengine.com/.well-known/security.txt-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Contact: mailto:security@northern.tech
Preferred-Languages: en
Canonical: https://northern.tech/security.txt
Hiring: https://northern.tech/careers/open-positions
Expires: 2026-05-28T00:00:00z
# Security Policy
# - Disclose security issues immediately to us
# - If you discover a security issue, note down your findings, log out, and stop experimenting as this could damage other users and their data
# - Attempts to access, change or delete other users' data is not allowed
# - Do not use automated tools which result in high server load (such as brute forcing or (D)DoS approaches) against our production services and websites
# - Submissions using these approaches will be ignored and may result in your IP(s) being blocked
# - Do not publicly disclose vulnerabilities without coordinating with us, even after the issue has been fixed
# - We have to follow a process of responsibly notifying our customers, giving them time to upgrade, etc.
# Areas of interest
# - Websites: https://northern.tech, https://cfengine.com, https://mender.io, https://alvaldi.com
# - Online services: https://hosted.mender.io, https://app.alvaldi.com
# - All maintained CFEngine releases
# - All maintained Mender releases
# Renumeration
# - We evalutate whether something is a security issue and do not pay a reward in cases where we do not consider it a security issue
# - We do not pay out rewards for previously known / reported issues, only the first report receives a reward
# - The decision on severity and the reward amount is made solely by us
# - The reward is paid out using Amazon gift cards (not PayPal)
# We assign the severity and the according reward to the following levels:
# ---------------------
# | Severity | Reward |
# ---------------------
# | S1 | $500 |
# | S2 | $250 |
# | S3 | $100 |
# | S4 | $50 |
# ---------------------
# The following issues are unlikely to receive a bounty on report
# - Issues around rate limits
# - Low impact information disclosures such as software version disclosure
# - Clickjacking / UI redressing
# - Subscription model bypass - issues giving access to paid features you seemingly should not have access to
# - Incomplete or missing SPF/DMARC/DKIM records
# - Missing Cookie flags
# - Missing HTTP Strict Transport Security (HSTS) / Strict-Transport-Security HTTP header
# - Vulnerabilities requiring the use of outdated browsers, plugins or platforms
# - Vulnerabilities that require the user/victim to perform extremely unlikely actions (i.e. Self-XSS)
# - IIS Tilde File and Directory Disclosure
# - CSV Injection
# - PHP Info
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEr+jF9DBXwAkxIimfWEIRr2qz7hIFAmg3iXYACgkQWEIRr2qz
7hIPGA/7BJV21YIoc7gynd1EueebGSg0oD7uN6KiqJkMaaeqqUOyCc4SKyAjg2AZ
h3FUId/dDQDgeB+fUuVOW0zPFzdToFNtzN+oYr/WzMQKXgMoXwUZh5PKVQt1iXCf
HTGi1sHncqCHryWvpP7KD028tmNHS1PNeGZRmZPzhmta9MYTXA1LgsI9bcyntgaz
BBBddtYUPCMMtj4QZxVN08ivyJK8M9GZFotZXEBXNd18YEQ3YzUDY+jgdtkZ4ts4
9K+EvzlcujrHdFB4HUM7Dbf/PqcMMztwU0FQhIl679PSezbuksfFhpdf8Z88mptA
zMNrtlJf2P+hziSVq0xYbHxy89NGksF1Z65bTe1uJ5yIsGR8c7UKPTJtC3gDAOIl
9hZSEqn05ztp1QtvZMnvYsGmj6bavsrP+DUqegYkQGBtwOyEGxKXGIt4l79z/198
mjso2AeLd+7YRn/UWfSMvP8yU6NbvIg9BCWGrNX9O4mrT59ibny8DE1+jj78eaaF
/AvqQ1eOsCFWrZ6/HrpAav3sGuez47b2+QDn2oAu+C5cI1KHqHQCzZlJthwH6n7O
/gUg1CC2bhOPQRkttpkARECLL7S7Z8PnlT2WCcaX0dESrwczexctneLw+K4NPaz/
9HWaTiaj72CsX8pLtm5a6X2pTykCrwwx1jCmN6DwTik+0w0a9og=
=8r2u
-----END PGP SIGNATURE-----
https://docs.cfengine.com/.well-known/traffic-advice: 404 text/html