Use this section to tell people about which versions of your project are currently being supported with security updates.
| Version | Supported |
|---|---|
| 1.0.x | β |
| 0.9.x | β |
| 0.8.x | β |
| < 0.8 | β |
We take the security of LeetCode AI Assistant seriously. If you believe you have found a security vulnerability, please report it to us as described below.
Please do NOT report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, please report them privately to our security team.
-
Email Security Team: Send an email to [SECURITY_EMAIL] with the subject line
[SECURITY] LeetCode AI Assistant Vulnerability Report -
Include Details: In your email, please include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested fix (if any)
- Your contact information for follow-up
-
Response Time: We aim to respond to all security reports within 48 hours
-
Confidentiality: All security reports will be kept confidential until the issue is resolved
Please provide as much information as possible:
**Vulnerability Type**: [e.g., XSS, CSRF, Data Exposure, etc.]
**Severity**: [Critical/High/Medium/Low]
**Description**:
[Detailed description of the vulnerability]
**Steps to Reproduce**:
1. [Step 1]
2. [Step 2]
3. [Step 3]
**Expected Behavior**:
[What should happen]
**Actual Behavior**:
[What actually happens]
**Environment**:
- Browser: [e.g., Chrome 91, Firefox 89]
- OS: [e.g., Windows 10, macOS 11]
- Extension Version: [e.g., 1.0.0]
**Additional Context**:
[Any other relevant information]
**Contact Information**:
- Name: [Your name]
- Email: [Your email]
- GitHub: [Your GitHub username]- Security team reviews the report within 48 hours
- Determines severity and impact
- Acknowledges receipt to the reporter
- Technical investigation of the vulnerability
- Reproduction and validation
- Impact assessment
- Develop and test security fixes
- Code review by security team
- Integration testing
- Coordinate release timing
- Prepare security advisory
- Notify affected users
- Release security update
- Publish security advisory
- Credit the reporter (if desired)
- Keep the extension updated to the latest version
- Use strong, unique API keys
- Never share your API keys publicly
- Report suspicious activity immediately
- Use HTTPS when possible
- Follow secure coding practices
- Review code for security issues
- Never commit sensitive data
- Use secure development practices
- Report security concerns promptly
- API Key Protection: API keys are stored securely in browser storage
- HTTPS Only: All API calls use HTTPS encryption
- Content Security Policy: CSP headers prevent XSS attacks
- Input Validation: All user inputs are validated and sanitized
- Error Handling: Secure error handling prevents information disclosure
- Code signing for extension packages
- Enhanced API key encryption
- Rate limiting for API calls
- Security audit logging
- Automated security testing
- Critical Issues: 24 hours
- High Priority: 48 hours
- Medium Priority: 1 week
- Low Priority: 2 weeks
- Private Disclosure: Immediate upon discovery
- Public Disclosure: After fix is available
- Security Advisory: Within 24 hours of fix release
We would like to thank the following security researchers for their contributions:
| Researcher | Vulnerability | Date |
|---|---|---|
| [Researcher Name] | [Vulnerability Description] | [Date] |
- Email: [SECURITY_EMAIL]
- PGP Key: [PGP_KEY_FINGERPRINT]
- Response Time: 48 hours
- Urgent Issues: [EMERGENCY_EMAIL]
- Response Time: 24 hours
- Security Advisories: [GITHUB_SECURITY_ADVISORIES]
- Release Notes: [GITHUB_RELEASES]
This security policy may be updated from time to time. Significant changes will be announced through:
- GitHub repository notifications
- Security advisory updates
- Release notes
Last Updated: [DATE]
Policy Version: 1.0
Next Review: [DATE]
Thank you for helping keep LeetCode AI Assistant secure! π
Your security reports help us maintain a safe and trustworthy tool for the entire LeetCode community.