We take security seriously in Rooftime. The following versions are currently supported with security updates:

| Version | Supported |
|---|---|
| 1.x | ✅ Yes (Latest) |
| 0.x | ❌ No (Upgrade Recommended) |

If you discover a security vulnerability in Rooftime, please do not disclose it publicly. Instead, follow these steps:
- Email us at security@rooftime.vercel.app to report the vulnerability.
- Include a detailed description of the vulnerability, steps to reproduce, and potential impact.
- We will acknowledge your report within 48 hours and begin investigating.
- Once the issue is confirmed, we will work on a fix and notify you when the patch is released.
- Responsible disclosure is appreciated—do not exploit the vulnerability for malicious purposes.

If you're contributing to the project, keep these security best practices in mind:
- Use secure coding practices (e.g., validate inputs, escape outputs, avoid SQL/NoSQL injection).
- Never commit sensitive data (e.g., API keys, database credentials, JWT secrets).
- Keep up with dependency updates to avoid known security vulnerabilities.
- Report suspicious activities in the repo.

While we don’t have a formal bug bounty program (yet!), we appreciate all security researchers who responsibly report vulnerabilities. If your report is valid and critical, we might offer you a cool shoutout and possibly some exclusive Rooftime swag! 🎉

Security is a shared responsibility. If you see something, say something. Let’s keep Rooftime secure for everyone. 🔒🚀