Skip to content

Security: locustio/locust

Security

SECURITY.md

Security Policy

Supported Versions

Only latest version is actively supported, but issues reported for earlier minor will be considered if they are serious.

Reporting a Vulnerability

Reported using regular GitHub issues. If there is some reason an issue cannot be made public before a fix has been made, contact @cyberw directly.

How to use Locust safely

Locust is not intended to be deployed on a public-facing server. By default the web UI is only exposed on localhost, so normally this is not a problem.

Do not give someone access to the web UI unless you trust them with everything else that is on that machine.

How to use Locust nicely

Do not load test public web sites/services that you do not own.

There aren’t any published security advisories