If you discover a security vulnerability in Marapulse, please report it responsibly. Do not open a public GitHub issue.
Email: almeidamarcell@gmail.com
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: within 48 hours
- Initial assessment: within 7 days
- Fix or mitigation: within 90 days (critical issues prioritized)
This policy covers:
- The Marapulse application code in this repository
- The hosted Marapulse service
Out of scope:
- Third-party dependencies (report to the upstream project)
- Self-hosted instances with custom modifications
- Social engineering attacks
Security researchers who report valid vulnerabilities will be credited in the release notes (unless they prefer to remain anonymous).
| Version | Supported |
|---|---|
| Latest | Yes |
| Older | No |
We recommend always running the latest version.