
Security: steveleetn91/liteerp


SECURITY.md

Security Policy

🔐 Reporting a Vulnerability

The LiteERP team takes security seriously. We appreciate responsible disclosure of security vulnerabilities.

If you discover a security issue, please do NOT open a public GitHub issue.

Instead, report it privately using one of the following methods:

  • 📧 Email: [email protected] (replace with your actual email)
  • 💬 GitHub: Send a private message to the repository owner / maintainer

Please include as much information as possible:

  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • Affected versions / branches
  • Proof of concept (if available)
  • Potential impact

⏱️ Response Timeline

We aim to follow this process:

  • Acknowledgement: within 48 hours
  • Initial assessment: within 3–5 business days
  • Fix or mitigation plan: as soon as reasonably possible

Timelines may vary depending on the complexity and severity of the issue.

🛠️ Supported Versions

Security updates are provided for:

  • The latest stable release
  • The current version/* branch

Older versions may not receive security patches.

🚫 Please Avoid

  • Public disclosure before a fix is released
  • Exploiting vulnerabilities beyond proof-of-concept
  • Using vulnerabilities for malicious purposes

🧠 Security Best Practices

We encourage contributors to:

  • Validate and sanitize all user input
  • Avoid raw SQL unless strictly necessary
  • Use Laravel built-in security features (CSRF, validation, authorization)
  • Keep dependencies up to date
  • Follow the principle of least privilege

🤝 Responsible Disclosure

If you responsibly disclose a valid security issue:

  • You will be credited (if you wish) in the release notes or security advisory
  • We will work with you to verify and resolve the issue

❤️ Thank You

Thank you for helping keep LiteERP and its users safe.

Security is a shared responsibility.

There aren’t any published security advisories