| Version | Supported |
|---|---|
| main branch (latest) | Yes |

If you discover a security vulnerability in this project, please report it responsibly:
- Do NOT open a public GitHub issue.
- Use GitHub Security Advisories to privately report the vulnerability.
- Include as much detail as possible: steps to reproduce, affected components, and potential impact.
- Acknowledgment: Within 3 business days of receiving the report.
- Assessment: We will assess severity and impact within 7 business days.
- Fix: Critical and high severity issues will be prioritized for the next release.
The following are in scope for security reports:
- The Learn to Cloud web application (api/)
- Infrastructure configuration (infra/)
- CI/CD workflows (.github/workflows/)
- Authentication and session management
- Data handling and storage
The following are out of scope:
- Third-party services and dependencies (report directly to the vendor)
- Social engineering attacks
- Denial of service attacks against production infrastructure