If you discover a security vulnerability in FlossPay:
- Do not open a public issue or discussion.
- Email: [email protected] with:
- A detailed description of the issue
- Affected versions/branches (if known)
- Steps to reproduce or a proof of concept (PoC), if possible
We aim to acknowledge all reports within 24 hours and will coordinate a fix or mitigation as quickly as possible.
| Version | Supported |
|---|---|
| main | ✅ |
| v0.2-alpha | ✅ |
| <v0.2 | ❌ |
- Please use responsible disclosure: give us a chance to investigate and fix the issue before any public disclosure.
- Fixes and advisories will be published in this repository under SECURITY.md.
Thank you for helping keep FlossPay and its users secure!