Security Policy

Reporting a Vulnerability

We take security seriously and appreciate researchers who responsibly disclose vulnerabilities.

Disclosure Policy

  • Private Disclosure: Do not disclose vulnerabilities publicly until we've had time to investigate and release a fix.

  • Response Time: We aim to respond within 48 hours and provide regular updates.

  • Safe Harbor: We consider vulnerability research conducted in accordance with this policy to be authorized activity.

How to Report

Please submit vulnerability reports to our security team via:

Preferred Method:

Required Information:

  1. Description of the vulnerability and affected components.

  2. Step-by-step reproduction instructions.

  3. Impact assessment (including potential attack scenarios).

  4. Any suggested mitigation or fixes.

Optional but Helpful:

  • Proof of concept code or exploit scripts.

  • Related vulnerability references (CVE, CVSS, etc.).

  • Your contact information for follow-up questions.

Our Commitment

  • We will acknowledge receipt of your report within 48 hours.

  • We will provide regular updates on our progress toward resolution.

  • We will notify you when the vulnerability is fixed and give credit if desired.

  • We will strive to address critical vulnerabilities within 14 days.

Security Updates

All security updates will be released through:

  • GitHub Releases with clear version tagging.

  • Security advisories in the repository (when applicable).

Security Best Practices for Users

To ensure your safety when using this project:

  • Always use the latest stable version.

  • Review the changelog for security-related updates.

  • Follow the principle of least privilege when configuring permissions.

Credits

We gratefully acknowledge security researchers who contribute to our project's safety through responsible disclosure.

Last updated