The following versions of the project are currently being supported with security updates:

| Sprint | Supported | Technologies |
|---|---|---|
| Sprint 10 | ✅ | Drupal 10, Next.js, Docker, Vactory 8 |
| Sprint 9 | ✅ | Next.js, Drupal Headless |
| Sprint 8 | ✅ | Vactory Profile, Drupal |
| Sprint 7 | ✅ | Appointment Booking System Module |
| Sprint 6 | ❌ | Hooks, Configuration, Caching, Migration |
| Sprint 5 | ❌ | Custom Modules, Twig Templates, Forms |
| Sprint 4 | ❌ | Basic Drupal Setup and Configuration |
| Sprint 3 | ❌ | PHP, OOP, PDO, Framework Building |
| Sprint 2 | ❌ | HTML/CSS/JS/Tailwind |
| Sprint 1 | ❌ | System Setup & Lab Configuration |
If you discover a security vulnerability within this project:
- Do not disclose it publicly on GitHub issues
- Send an email to [email protected]
- Include details about:
  - The vulnerability type
  - How it can be reproduced
  - Potential impact
  - Suggested fix (if available)
- You will receive an acknowledgment within 48 hours
- A detailed response will be provided within 5 business days
- Security patches will be prioritized based on severity
- You'll be credited for the discovery (unless you request anonymity)
When working with this project:
- Keep all dependencies updated
- Follow Drupal security best practices
- Use environment variables for sensitive credentials (I pushed an `.env` in this repo, but for demonstration purposes only; please do not do that if you don't know what you're doing)
- Never commit sensitive information to the repository
- Review Docker configuration for secure defaults
The Capital Azure implementation in Sprint 10 requires additional security attention for production use as it contains financial-related modules and UI components.