Security

docs/SECURITY.md

Security Policy

Supported Versions

Only the latest main branch is actively supported.

Reporting a Vulnerability

Please do not open public issues for security vulnerabilities.

Instead, contact the maintainers privately.

Email: security@example.com

Include:

Description
Impact
Steps to reproduce
Suggested mitigation

We will acknowledge reports within 7 days.

Scope

Examples of security issues:

Authentication bypass
Authorization issues
JWT vulnerabilities
OAuth vulnerabilities
Sensitive information exposure
Remote code execution
SQL injection
XSS
CSRF

Disclosure Policy

Please allow maintainers time to investigate and patch vulnerabilities before public disclosure.

There aren't any published security advisories