| Version | Supported |
|---|---|
| 1.x | ✅ |

If you discover a security vulnerability, please report it responsibly:

- DO NOT create a public GitHub issue
- Email: khalilbenaz@protonmail.com
- Include: description, steps to reproduce, impact assessment
- Expected response time: 48 hours

- JWT with RSA-2048 signing
- Access tokens: 15 min TTL
- Refresh tokens: 7 days with rotation
- MFA/TOTP support (Google/Microsoft Authenticator)

- Argon2id password hashing (OWASP recommendation)
- AES-256-GCM encryption for PII
- PCI-compliant card tokenization
- TLS 1.2+ required

- Global: 100 requests/minute
- Auth endpoints: 5 requests/5 minutes
- Transfer endpoints: 20 requests/minute

- Content-Security-Policy
- Strict-Transport-Security
- X-Frame-Options: DENY
- X-Content-Type-Options: nosniff
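The token scheme listed above (RS256-signed JWTs, 15-minute access tokens, 7-day refresh tokens rotated on every use) as an added Node.js example. This is illustration code, not the project's own implementation: the issuer name, the in-memory refresh store, the replay-revokes-family rule and the demo key pair generated at startup are assumptions; a real service would load the signing key from a KMS or HSM and persist refresh state.

```javascript
// Added example (not the project's code): RS256 JWTs with a 15-minute access TTL
// and 7-day refresh tokens rotated on use. Issuer, store and key pair are demo assumptions.
const crypto = require('node:crypto');

const ACCESS_TTL_SEC = 15 * 60;            // 15 min, per the policy
const REFRESH_TTL_SEC = 7 * 24 * 60 * 60;  // 7 days, per the policy
const ISSUER = 'example-api';              // assumed issuer claim

// Demo-only RSA-2048 key pair; production loads the private key from a KMS/HSM.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const b64url = (buf) => Buffer.from(buf).toString('base64url');

function signJwt(claims, nowSec, ttlSec) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ iss: ISSUER, iat: nowSec, exp: nowSec + ttlSec, ...claims }));
  const signingInput = `${header}.${payload}`;
  // crypto.sign with an RSA key uses RSASSA-PKCS1-v1_5, which is what RS256 means.
  const sig = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${b64url(sig)}`;
}

// Returns the verified payload, or null if alg, signature, issuer or expiry is bad.
function verifyJwt(token, nowSec) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch { return null; }
  // Pin the algorithm server-side; the token never gets to choose it (blocks alg=none / key confusion).
  if (header.alg !== 'RS256') return null;
  let ok = false;
  try {
    ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  } catch { return null; }
  if (!ok) return null;
  if (payload.iss !== ISSUER || typeof payload.exp !== 'number' || payload.exp <= nowSec) return null;
  return payload;
}

// Refresh-token state keyed by jti: { sub, exp, used }. Rotation marks the old jti used.
const refreshStore = new Map();

function issueTokenPair(sub, nowSec) {
  const jti = crypto.randomUUID();
  refreshStore.set(jti, { sub, exp: nowSec + REFRESH_TTL_SEC, used: false });
  return {
    accessToken: signJwt({ sub, typ: 'access' }, nowSec, ACCESS_TTL_SEC),
    refreshToken: signJwt({ sub, typ: 'refresh', jti }, nowSec, REFRESH_TTL_SEC),
  };
}

// Rotation: a refresh token is accepted once, then invalidated and replaced.
// Presenting an already-rotated token is a replay signal; the whole family is revoked.
function rotateRefresh(refreshToken, nowSec) {
  const payload = verifyJwt(refreshToken, nowSec);
  if (!payload || payload.typ !== 'refresh') return null;
  const rec = refreshStore.get(payload.jti);
  if (!rec || rec.exp <= nowSec) return null;
  if (rec.used) {
    for (const [jti, r] of refreshStore) if (r.sub === rec.sub) refreshStore.delete(jti);
    return null;
  }
  rec.used = true;
  return issueTokenPair(payload.sub, nowSec);
}
```

Two details matter for the 15-minute access TTL to actually bound exposure: the verifier compares `exp` against the server clock rather than trusting anything in the token, and the algorithm is pinned to RS256 before the signature is checked.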
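Field-level AES-256-GCM encryption of PII, as the data-protection list above names it, shown as an added Node.js example rather than the project's code. The key identifier prefix, the record-id-as-AAD binding and the storage layout (key id, 12-byte nonce, 16-byte tag, ciphertext) are assumptions chosen for the demo; the key itself is generated at startup here and would come from a KMS in practice. Card tokenization and Argon2id hashing are separate mechanisms and are not covered by this block.

```javascript
// Added example (not the project's code): AES-256-GCM for PII fields with a random
// per-record nonce and the record id bound as AAD. Key id and layout are assumptions.
const crypto = require('node:crypto');

const KEY_ID = 'pii-key-v1';          // assumed key identifier, lets stored data survive key rotation
const key = crypto.randomBytes(32);   // 256-bit data-encryption key (demo only; use a KMS)

// Stored form: "<keyId>.<base64(nonce | tag | ciphertext)>"
function encryptPii(plaintext, recordId) {
  const nonce = crypto.randomBytes(12);         // GCM nonce must never repeat under one key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  // AAD binds the ciphertext to this key version and record; moving it elsewhere fails the tag.
  cipher.setAAD(Buffer.from(`${KEY_ID}:${recordId}`));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  return `${KEY_ID}.${Buffer.concat([nonce, tag, ct]).toString('base64')}`;
}

// Returns the plaintext, or null when the tag check fails (tampering, wrong record, wrong key).
function decryptPii(stored, recordId) {
  const dot = stored.indexOf('.');
  if (dot < 0) return null;
  const keyId = stored.slice(0, dot);
  if (keyId !== KEY_ID) return null;            // unknown or retired key version
  const blob = Buffer.from(stored.slice(dot + 1), 'base64');
  if (blob.length < 28) return null;            // too short to hold nonce + tag
  const nonce = blob.subarray(0, 12);
  const tag = blob.subarray(12, 28);
  const ct = blob.subarray(28);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAAD(Buffer.from(`${keyId}:${recordId}`));
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch {
    return null;                                // authentication failed; never return partial output
  }
}
```

The AAD is the part practitioners most often leave out: without it a valid ciphertext from one customer's row can be copied into another's and will decrypt cleanly, because GCM only authenticates what it is told to.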
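The rate-limit tiers (global 100/minute, auth endpoints 5 per 5 minutes, transfer endpoints 20/minute) and the four response headers above, combined into one added Node.js middleware example. It is not the project's code: the route prefixes, the fixed-window counting strategy, the in-memory counter store, the client key (IP) and the Content-Security-Policy value are assumptions; the limits and header names are the ones the policy lists.

```javascript
// Added example (not the project's code): fixed-window limiter with the policy's three
// tiers, plus the listed security headers. Paths, CSP value and client key are assumptions.
const TIERS = [
  { name: 'auth',     match: (p) => p.startsWith('/auth/'),      limit: 5,   windowMs: 5 * 60_000 },
  { name: 'transfer', match: (p) => p.startsWith('/transfers/'), limit: 20,  windowMs: 60_000 },
  { name: 'global',   match: () => true,                         limit: 100, windowMs: 60_000 },
];

// "tier|client" -> { windowStart, count }; a real deployment would use a shared store.
const counters = new Map();

// Returns { allowed, tier, remaining, retryAfterSec }. A request is charged against every
// tier it matches, so /auth/login counts toward both the auth and the global budget.
function checkRateLimit(clientKey, path, nowMs) {
  const states = TIERS.filter((t) => t.match(path)).map((tier) => {
    const k = `${tier.name}|${clientKey}`;
    let c = counters.get(k);
    if (!c || nowMs - c.windowStart >= tier.windowMs) {
      c = { windowStart: nowMs, count: 0 };
      counters.set(k, c);
    }
    return { tier, c };
  });
  // Deny on the first exhausted tier without charging any counter.
  for (const { tier, c } of states) {
    if (c.count >= tier.limit) {
      const retryAfterSec = Math.ceil((c.windowStart + tier.windowMs - nowMs) / 1000);
      return { allowed: false, tier: tier.name, remaining: 0, retryAfterSec };
    }
  }
  // Charge all matching tiers and report the tightest remaining budget.
  let tightest = null;
  for (const { tier, c } of states) {
    c.count += 1;
    const remaining = tier.limit - c.count;
    if (!tightest || remaining < tightest.remaining) {
      tightest = { allowed: true, tier: tier.name, remaining, retryAfterSec: 0 };
    }
  }
  return tightest;
}

// Header names from the policy; the CSP directive string is an assumed strict baseline.
const SECURITY_HEADERS = {
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'; object-src 'none'",
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'X-Frame-Options': 'DENY',
  'X-Content-Type-Options': 'nosniff',
};

// (req, res, next) shape usable with Express or a plain http server.
function securityMiddleware(req, res, next) {
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) res.setHeader(name, value);
  const clientKey = req.ip || (req.socket && req.socket.remoteAddress) || 'unknown';
  const verdict = checkRateLimit(clientKey, req.url, Date.now());
  res.setHeader('X-RateLimit-Remaining', String(verdict.remaining));
  if (!verdict.allowed) {
    res.setHeader('Retry-After', String(verdict.retryAfterSec));
    res.statusCode = 429;
    res.end('Too Many Requests');
    return;
  }
  next();
}
```

Headers are set before the limit check so that a 429 response still carries HSTS and the framing protections; the two-pass check-then-charge keeps a request that is denied by the global tier from consuming an auth-tier slot.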