We take security seriously and aim to keep the latest version of this project secure. Only the latest version of the portfolio project receives security updates and patches, so please make sure you are always running the most recent version of the codebase.
| Version | Supported |
| --- | --- |
| latest | ✅ |
If you discover a security vulnerability in this project, we appreciate your efforts in disclosing it responsibly. Please follow the steps below to report the issue:
- Do not create a public issue on GitHub or any other public platform to report security vulnerabilities. This prevents the information from being accessible to malicious users before a fix is released.
- Contact us directly via email at [email protected]. Provide as much information as possible, including:
  - A detailed description of the vulnerability.
  - Steps to reproduce the vulnerability.
  - Potential impact and any proof of concept (POC) code if available.
- We will acknowledge your report within 48 hours and provide an estimated time frame for fixing the vulnerability.
- Coordinated Disclosure: Once the vulnerability is fixed, we will coordinate with you to publicly disclose the details. We appreciate your patience and understanding in this process.
To ensure the security of your deployment, we recommend the following best practices:
- Keep Dependencies Updated: Regularly update dependencies and audit them for known vulnerabilities so that outdated packages do not expose your deployment.
- Environment Variables: Never commit secrets such as API keys, tokens, or database credentials (or the .env files that hold them) to version control.
- HTTPS: Always serve the site over HTTPS so that traffic cannot be read or modified in transit.
- Content Security Policy (CSP): Deploy a strict CSP (for example, a nonce- or hash-based script-src without unsafe-inline) to mitigate cross-site scripting (XSS) and other content-injection attacks.
- Input Validation and Output Encoding: Validate all user input, but do not rely on validation alone: use parameterized queries (prepared statements) to prevent SQL injection, and encode output for its context (HTML body, attribute, URL) to prevent XSS and other injection attacks.
If you have any questions or concerns about our security policy, please reach out at [email protected].
Thank you for helping us keep our project safe and secure!