I take security seriously and value the contributions of the security community to help keep my project safe. If you discover a security vulnerability, I encourage you to report it to me immediately. I appreciate your responsible disclosure.
To report a security vulnerability, please email me at michael_johnson144@yahoo.com with a detailed description of the vulnerability: I will acknowledge your email within a few business days and provide further instructions to proceed.
Please refrain from publicly disclosing the vulnerability until I have had sufficient time to investigate and address the issue. I aim to provide timely updates and keep you informed throughout the process.
At this time, I do not have a bug bounty program in place.
My project supports the following versions:
| Version | Supported |
|---|---|
| 1.0.0 | ✅ |
| < 1.0.0 | ❌ |
Please ensure that you are using one of the supported versions before reporting any security vulnerabilities.
While I strive to maintain a secure codebase, I encourage users and contributors to follow security best practices when interacting with my project. Here are some general recommendations:
- Keep your dependencies up-to-date to benefit from the latest security patches.
- Implement complex secure passwords for user accounts.
- Back up your data regularly and save a disaster recovery (DR) plan in place.
- Be cautious when interacting with user-generated content, especially regarding potential XSS ( Cross-Site Scripting) and SQL injection attacks.
- Utilize HTTPS for secure communication with our project.
I am committed to addressing security vulnerabilities promptly and releasing updates promptly. As vulnerabilities are discovered and fixed, I will provide updates according to the following schedule:
- Critical: Addressed within one business day.
- High: Addressed within three business days.
- Medium: Addressed within five business days.
- Low: Addressed within seven business days.
Please note that these timeframes are subject to change based on the complexity and impact of the vulnerabilities. I appreciate your understanding and patience.
If you have any questions, concerns, or suggestions regarding the security of my project, please feel free to reach out to me at michael_johnson144@yahoo.com.