Security: SHA888/RPRT

SECURITY.md

Security Policy

Supported Versions

We provide security updates for the following versions of RPRT:

Version   Supported
1.0.x     Yes
< 1.0     No

Reporting a Vulnerability

We take security issues very seriously. If you discover a security vulnerability in RPRT, we appreciate your help in disclosing it to us in a responsible manner.

How to Report

Please report security vulnerabilities by emailing your-email@example.com with the subject line "RPRT Security Vulnerability".

What to Include

When reporting a vulnerability, please include:

  • A description of the vulnerability
  • Steps to reproduce the issue
  • Any potential impact
  • Any mitigations if known
  • Your contact information (optional)

Our Commitment

  • We will acknowledge receipt of your report within 48 hours
  • We will keep you informed of the progress towards fixing the vulnerability
  • We will credit you for your discovery (unless you prefer to remain anonymous)
  • We will not take legal action against you if you act in good faith

Public Disclosure

We follow responsible disclosure:

  1. We will work on a fix as soon as possible
  2. Once a fix is ready, we will release a security update
  3. We will publicly disclose the vulnerability after the fix is available
  4. We will credit you for your discovery (unless you prefer to remain anonymous)

Security Best Practices

For Users

  • Always keep your dependencies up to date
  • Never commit sensitive information to version control
  • Use strong, unique passwords for all services
  • Enable 2FA where available
  • Regularly audit your access controls

For Developers

  • Follow the principle of least privilege
  • Validate all user input
  • Use prepared statements for database queries
  • Keep dependencies up to date
  • Use environment variables for sensitive configuration
  • Implement proper error handling
  • Use HTTPS for all communications
  • Set secure HTTP headers
  • Implement rate limiting
  • Use secure session management
  • Regularly audit dependencies for known vulnerabilities

Dependency Security

We use the following tools to check our dependencies for known vulnerabilities and to keep them current:

  • cargo audit for Rust dependencies
  • npm audit for Node.js dependencies
  • Dependabot for automated dependency updates

Security Updates

Security updates are released as patch versions (e.g., 1.0.0 → 1.0.1). We recommend always using the latest version of RPRT.

Security Advisories

Security advisories are published in the GitHub Security Advisories section of the repository.

Responsible Disclosure Program

We run a responsible disclosure program. If you find a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner. We will acknowledge your contribution in our security advisories (unless you prefer to remain anonymous).