We release patches for security vulnerabilities. Which versions are eligible for receiving such patches depends on the severity of the vulnerability and the version's support status.
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |
If you discover a security vulnerability within this project, please send an email to [[email protected]] instead of using the public issue tracker.
Please include the following information in your email:
- Description of the vulnerability
- Steps to reproduce the vulnerability
- Potential impact of the vulnerability
- Any possible mitigations you've identified
All security vulnerabilities will be promptly addressed. You will be notified when the vulnerability has been resolved.
When deploying this application, please consider the following security best practices:
-
Environment Variables: Never commit sensitive information like API keys, passwords, or secrets to the repository.
-
Dependencies: Regularly update dependencies to ensure you have the latest security patches.
-
Authentication: Use strong, unique passwords and consider implementing multi-factor authentication.
-
Input Validation: Always validate and sanitize user inputs to prevent injection attacks.
-
HTTPS: Use HTTPS in production to encrypt data in transit.
-
Rate Limiting: Implement rate limiting to prevent abuse of your APIs.
-
Logging: Implement proper logging to detect and respond to security incidents.
- Keep your dependencies up to date
- Use environment variables for sensitive configuration
- Validate all user inputs
- Implement proper authentication and authorization
- Use HTTPS in production
- Regularly backup your data
- Monitor your application for suspicious activity
If you have any questions about security, please contact [[email protected]].