We actively support the following versions of WebLinq:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
We take security seriously at WebLinq. If you discover a security vulnerability, please follow these guidelines:
Do NOT create a public GitHub issue for a security vulnerability: a public report gives attackers a head start before a fix exists.
Instead, report security issues privately by one of the following channels:
- Email: Send details to [email protected]
- GitHub Security Advisory: Use GitHub's private vulnerability reporting feature
When reporting a vulnerability, please include:
- Description: Clear description of the vulnerability
- Impact: Potential impact and attack scenarios
- Reproduction: Step-by-step instructions to reproduce
- Environment: WebLinq version, browser/runtime, and platform where you found the issue
- Suggested Fix: If you have ideas for mitigation
After you report, you can expect the following response timeline:
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 1 week
- Regular Updates: Every week until resolved
- Fix Release: Target within 30 days for critical issues
This security policy covers:
- Backend API - Authentication, authorization, data handling
- Frontend Dashboard - XSS, CSRF, authentication flows
- Browser Operations - Injection attacks, sandbox escapes
- Database - SQL injection, data exposure
- Infrastructure - Cloudflare Workers configuration
The following are generally out of scope:
- Social engineering attacks
- Physical attacks
- DoS/DDoS attacks against public endpoints
- Issues in third-party dependencies (report to upstream)
- Issues requiring physical access to servers
We appreciate security researchers who help improve WebLinq's security:
- Public Recognition: Contributors will be credited (with permission)
- Response Timeline: We commit to timely responses and fixes
- Coordination: We'll work with you on responsible disclosure timing
When using WebLinq:
- Never expose API keys in client-side code
- Use environment variables for sensitive configuration
- Implement rate limiting in your applications
- Validate all inputs (especially user-supplied URLs) before sending them to the WebLinq API
- Treat extracted content as untrusted; escape or sanitize it before rendering or storing it
- Be cautious with dynamic content from untrusted sources
- Set timeouts so a slow or stalled extraction cannot block your application
- Monitor usage patterns for anomalies
- Keep dependencies updated regularly
- Use HTTPS for all communications
- Implement proper logging for audit trails
- Follow principle of least privilege for access controls
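The following server-side wrapper is an added example of how several of the practices above fit together in code; it is not WebLinq's own client or API. The endpoint URL, the request body, the `WEBLINQ_API_KEY` variable name and the `{ title, text }` response shape are assumptions for illustration, so check the WebLinq documentation for the real interface. It keeps the API key out of any browser bundle by reading it from the environment, rejects target URLs that would point the scraper at loopback, link-local (cloud metadata) or private-network addresses, enforces a hard deadline on the request, and escapes whatever comes back before it reaches HTML.

```javascript
// Added example (not WebLinq's own code). Assumed endpoint; see the WebLinq docs for the real one.
const WEBLINQ_ENDPOINT = 'https://api.weblinq.com/v1/extract';

// Destinations an extraction request must never be pointed at: loopback, link-local
// (cloud metadata), RFC 1918 and IPv6 unique-local ranges. Without this, a user-supplied
// URL turns the scraper into an SSRF proxy into your own network.
function isPrivateHost(hostname) {
  const h = hostname.toLowerCase().replace(/^\[|\]$/g, ''); // URL exposes IPv6 as "[::1]"
  if (h === 'localhost' || h.endsWith('.localhost')) return true;
  if (h.includes(':')) {
    // IPv6: loopback, unspecified, link-local, unique-local, and every IPv4-mapped address
    // (the URL parser rewrites ::ffff:127.0.0.1 to ::ffff:7f00:1, so the whole /96 is blocked)
    return h === '::1' || h === '::' || h.startsWith('fe80:') || /^f[cd]/.test(h) || h.startsWith('::ffff:');
  }
  const m = h.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (!m) return false; // a DNS name: literal checks cannot see what it resolves to (see note)
  const [a, b] = [Number(m[1]), Number(m[2])];
  return a === 0 || a === 10 || a === 127 ||
    (a === 169 && b === 254) || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Validate a caller-supplied target before forwarding it: http(s) only, no embedded
// credentials, no private or local destination. Returns the normalized URL string.
function validateTargetUrl(input) {
  let url;
  try { url = new URL(String(input)); } catch { throw new Error('target is not a valid URL'); }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') throw new Error('only http/https targets are allowed');
  if (url.username || url.password) throw new Error('credentials in target URL are not allowed');
  if (isPrivateHost(url.hostname)) throw new Error('target points at a private or local address');
  return url.href;
}

// Escape extracted text before it is placed in HTML. Everything the scraper returns was
// chosen by the page you scraped, so treat it as attacker-controlled.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// fetch with a hard deadline so a slow or stalled extraction cannot pin a request handler.
async function fetchWithTimeout(url, init, timeoutMs, fetchImpl = fetch) {
  const controller = new AbortController();
  const timer = setTimeout(
    () => controller.abort(new Error(`request timed out after ${timeoutMs} ms`)), timeoutMs);
  try {
    return await fetchImpl(url, { ...init, signal: controller.signal });
  } finally {
    clearTimeout(timer);
  }
}

// Server-side call. The key comes from the environment (WEBLINQ_API_KEY is an assumed name),
// never from code shipped to the browser. fetchImpl is injectable so this can be exercised
// without network access.
async function extractViaWebLinq(target, { apiKey = process.env.WEBLINQ_API_KEY,
                                           timeoutMs = 15000, fetchImpl = fetch } = {}) {
  if (!apiKey) throw new Error('WEBLINQ_API_KEY is not set');
  const url = validateTargetUrl(target);
  const res = await fetchWithTimeout(WEBLINQ_ENDPOINT, {
    method: 'POST',
    headers: { Authorization: `Bearer ${apiKey}`, 'Content-Type': 'application/json' },
    body: JSON.stringify({ url }),
  }, timeoutMs, fetchImpl);
  if (!res.ok) throw new Error(`WebLinq API returned HTTP ${res.status}`);
  const data = await res.json();
  // Assumed response shape { title, text }; escape before any of it is rendered.
  return { title: escapeHtml(data.title ?? ''), text: escapeHtml(data.text ?? '') };
}
```

Two caveats for anyone adapting this. The private-address check only inspects literal IP addresses; a hostname that resolves to an internal address (or is rebound to one after validation) passes it, so the real protection for that case is resolving and checking at connect time, or relying on the scraping provider's own egress controls. And `escapeHtml` is the right tool only when the extracted content is shown as text; if you intend to render extracted HTML as HTML, run it through a proper sanitizer instead. On Cloudflare Workers, secrets are read from the `env` binding passed to the handler rather than `process.env`, so substitute that lookup there.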
- Security Email: [email protected]
- General Contact: [email protected]
- Documentation: https://docs.weblinq.com
Thank you for helping keep WebLinq and our community safe! 🔒