| Version | Supported |
|---|---|
| 1.0.x | ✅ |
We take security seriously. If you discover a security vulnerability, please follow these steps:
- Open a public GitHub issue
- Disclose the vulnerability publicly before it's fixed
- Email the maintainers directly (preferred)
- Include the following information:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Fix Release: Depends on severity (Critical: ASAP, High: 2 weeks, Medium/Low: Next release)
When deploying AlphaMapping:
- Never commit
.envfiles to version control - Use strong, unique API keys
- Rotate credentials regularly
- Use HTTPS in production
- Configure firewall rules appropriately
- Limit API access to trusted networks if possible
- Keep base images updated
- Run containers as non-root user
- Use Docker secrets for sensitive data
-
SQLite - Default database is SQLite, suitable for development. Consider PostgreSQL for production.
-
Authentication - Current version does not include user authentication. Deploy behind a VPN or add authentication layer if needed.
-
Rate Limiting - No built-in rate limiting. Consider using a reverse proxy (nginx, Traefik) with rate limiting for public deployments.
Security updates will be announced through:
- GitHub Releases
- CHANGELOG.md
Thank you for helping keep AlphaMapping secure!