Security updates are strictly applied to active components currently maintained on our primary deployment branch.
| Version | Supported |
|---|---|
| Main | 🟢 Supported |
| < Main | ❌ Not Supported |
CivicPulse-AI relies on highly sensitive access points, including the GEMINI_API_KEY and multiple production Firebase keys.
- Do not open a public issue if you locate an exposed string, leaked backend environment variables, or critical infrastructure weaknesses.
- Opening a public issue risks immediate exploitation of active API quotas or cloud infrastructure.
If you identify a security gap or exposed configuration secret, please report it immediately to the project maintainer:
- Email: [email protected]
You will receive an initial response within 48 hours to coordinate validation, triage, and patch deployment before any public disclosure is made. Thank you for helping keep this civic platform secure!