Security: Lawndlwd/quizz

SECURITY.md

Security Policy

Supported Versions

We are currently maintaining security updates for the following versions:

Version Supported
Latest
Previous

Only the latest version receives security updates. We recommend always using the latest version.

Reporting a Vulnerability

If you discover a security vulnerability in our project, please report it to us responsibly:

Email: lwdlwd95@gmail.com

Please include:

  • A clear description of the vulnerability
  • Steps to reproduce (if applicable)
  • Potential impact
  • Any suggested fixes or mitigations

What to Expect

  1. Acknowledgment: We will acknowledge your report within 72 hours
  2. Assessment: We will assess the vulnerability and determine its severity
  3. Fix: We will work on a fix and prepare a security release if needed
  4. Disclosure: We will coordinate disclosure with you, giving you credit if you wish

Response Times

  • Critical vulnerabilities: Fixed within 7 days
  • High severity vulnerabilities: Fixed within 14 days
  • Medium severity vulnerabilities: Fixed within 30 days
  • Low severity vulnerabilities: Fixed in next regular release

Security Best Practices

For Users

  • Always use the latest version
  • Keep your dependencies updated
  • Follow secure coding practices
  • Report any suspicious activity

For Developers

  • Follow our secure coding guidelines
  • Use parameterized queries to prevent SQL injection
  • Validate and sanitize all user input
  • Implement proper authentication and authorization
  • Keep secrets and sensitive data out of version control

Security Updates

Security updates will be released as new versions with clear changelog entries marking them as security fixes. We recommend subscribing to our release notifications.

Scope

This security policy applies to:

  • The main Quizz repository
  • Our documentation and examples

Exclusions

The following are generally not considered security vulnerabilities:

  • Issues that require physical access to the server
  • Issues that require administrative privileges
  • Social engineering attacks
  • Denial of Service attacks that require excessive resources

Credit

We would like to thank all security researchers who responsibly disclose vulnerabilities to us. Your efforts help make our project more secure for everyone.

There aren’t any published security advisories