This project is actively maintained. Security updates are applied to the latest release.
If you discover a security vulnerability, please report it responsibly.
DO NOT open a public GitHub issue for security vulnerabilities.
- Email: Send details to security@sahirvhora.com
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix timeline: Depends on severity
  - Critical: 24-48 hours
  - High: 1 week
  - Medium: 2 weeks
  - Low: Next release cycle
- Vulnerabilities will be disclosed publicly after a fix is available
- Credit will be given to reporters (unless anonymity is requested)
- Coordinated disclosure preferred

This project follows security best practices:
- Dependencies are monitored via Dependabot
- No secrets or credentials in source code
- Input validation on all user-facing endpoints
- HTTPS enforced for all web services
- Regular security audits

Security updates are released as patch versions. Subscribe to releases to stay informed.
This security policy is part of the project's MIT license.