About Radiator software development security
How Radiator Software ensures software development security.
Radiator does not ship releases with known CVE vulnerabilities at the time of release. This document describes how that commitment is enforced.
Technology Overview
Radiator Server is implemented in Rust and TypeScript. The server core uses Rust, whose memory-safety model is designed to prevent, in safe Rust, many classes of vulnerabilities commonly associated with memory corruption (such as buffer overflows, use-after-free, and data races) while maintaining the performance required for network and AAA workloads. The management UI is implemented in TypeScript with client-side Next.js; Radiator Server does not require or ship with Node.js.
Vulnerability Scanning in CI
Pull requests and merges to the main branch that modify application code are checked against public vulnerability databases before they can be released.
Rust dependencies are scanned with cargo deny against the RustSec Advisory Database. JavaScript and TypeScript dependencies are scanned with pnpm audit. Both checks run automatically in CI, and the CI run fails if either check detects a known vulnerability.
Dependency Update Policy
Dependencies are reviewed and updated regularly. When a CVE is published that is exploitable through Radiator, the affected dependency is updated and a fix is released. Advisories that affect transitive dependencies not reachable through Radiator's usage are tracked and resolved as upstream fixes become available.
Build and Release Integrity
Dependency versions are pinned and only updated through deliberate, reviewed changes — they are never pulled in automatically from external sources. Release artifacts are traceable to specific source commits. CI enforces code review, automated testing, linting, and vulnerability checks before any code reaches a release.
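A CI gate that combines the scanning and pinning described above, as an added example that is not Radiator's own pipeline. The function names, check labels and single-directory layout are assumptions; the cargo, cargo deny and pnpm subcommands are the tools' standard ones.

```shell
#!/bin/sh
# Added example, not Radiator's CI script. Assumes Cargo.lock and
# pnpm-lock.yaml sit in the directory given as the first argument.

# run_check NAME CMD...: run one check, keep its output in the CI log, and
# record a failure without stopping so one run reports every failing gate.
run_check() {
    name=$1
    shift
    if "$@"; then
        echo "PASS  $name"
    else
        echo "FAIL  $name"
        FAILED="$FAILED $name"
    fi
}

# dependency_gate DIR: exit status 0 only when both lockfiles exist, both
# package managers accept them unchanged, and neither scanner reports a
# known advisory. The body is a subshell so the caller's directory is kept.
dependency_gate() (
    cd "$1" || exit 2
    FAILED=""
    # Pinning: a missing or stale lockfile means versions could float.
    run_check cargo-lockfile-present test -f Cargo.lock
    run_check pnpm-lockfile-present test -f pnpm-lock.yaml
    run_check cargo-lockfile-current cargo fetch --locked
    run_check pnpm-lockfile-current pnpm install --frozen-lockfile
    # Scanning: cargo deny checks the RustSec Advisory Database; pnpm audit
    # checks the JavaScript/TypeScript dependencies. Both exit non-zero
    # when they report a finding.
    run_check cargo-deny-advisories cargo deny check advisories
    run_check pnpm-audit pnpm audit
    [ -z "$FAILED" ]
)

# In a CI step, after checkout:  dependency_gate . || exit 1
```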
Maintenance Scope
Standard service covers fixes in actively maintained current release lines. Backporting fixes to older or end-of-life versions is available as a separate support engagement.