We actively maintain and provide security updates for the following versions:
| Version | Supported |
|---|---|
| 1.x.x | ✅ Yes |
| < 1.0 | ❌ No |
We take security seriously. If you discover a security vulnerability, please follow these steps:
DO NOT create a public GitHub issue for security vulnerabilities.
Instead, please report security issues privately:
- Email: Send details to leonwong282@gmail.com
- Subject: Include "SECURITY" in the email subject
- Details: Provide as much information as possible:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
When reporting a security vulnerability, please include:
- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- Location of the affected source code (tag/branch/commit or direct URL)
- Special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it
- Initial Response: Within 48 hours
- Investigation: Within 1 week
- Fix and Disclosure: Coordinated with reporter
We appreciate security researchers and will:
- Acknowledge your contribution (unless you prefer to remain anonymous)
- Keep you updated on the progress
- Credit you in our security advisories (with your permission)
- Dependencies: Keep dependencies up to date
- Code Review: All code changes require review
- Testing: Include security tests when applicable
- Secrets: Never commit secrets, API keys, or credentials
- Updates: Always use the latest supported version
- Configuration: Follow security configuration guidelines
- Environment: Use secure deployment practices
- Monitoring: Monitor for security advisories
This project implements:
- ✅ Dependency Scanning: Automated vulnerability detection
- ✅ Code Analysis: Static security analysis
- ✅ Access Controls: Proper authentication and authorization
- ✅ Input Validation: Sanitization of user inputs
- ✅ Secure Defaults: Security-first configuration
- Vulnerability Database: GitHub Advisory Database
- Security Guides: GitHub Security Documentation
Security is everyone's responsibility. Thank you for helping keep our community safe! 🛡️