33 lines (21 loc) · 861 Bytes

Security Policy

Supported Versions

Only the latest version on main is supported for security updates.

Reporting a Vulnerability

Please do not open public GitHub issues for vulnerabilities.

Report security vulnerabilities privately by emailing:

[email protected]

Include:

Affected component/path
Reproduction steps or proof-of-concept
Impact assessment
Suggested remediation (if known)

You can expect:

Initial acknowledgement within 3 business days
Triage decision within 7 business days
Coordinated disclosure timeline after validation

Security Expectations

Never commit secrets, tokens, or private keys.
Use environment variables for all credentials.
Follow least-privilege principles for database and deployment credentials.
Keep dependencies up to date and monitor CI security alerts.