Security: Theternos/Patient-Doctor-Portal

SECURITY.md

Security Policy

Reporting a Vulnerability

If you believe you have discovered a security vulnerability in this project, please follow these steps to report it. Your responsible disclosure is appreciated and will help us ensure the security of our project.

Please do not open GitHub issues for security-related concerns.

Reporting Process

  1. Private Disclosure: Send an email to kavin.apm2003@gmail.com with a detailed description of the vulnerability. Please avoid disclosing the details publicly until a fix is in place.

  2. Verification: Our security team will review your report and may request additional information or clarification.

  3. Resolution: Once the vulnerability is confirmed and understood, we will work on a resolution.

  4. Public Disclosure: We will coordinate the release of a security advisory with you once a fix is ready. The security advisory will be published on our GitHub repository.

Scope

This security policy applies to the Patient-Doctor-Portal project and all its related repositories and components.

Supported Versions

Only the latest stable release is actively maintained for security updates. Users are encouraged to keep their installations up to date.

Vulnerability Disclosure Timeline

  • Day 0: Vulnerability is reported to our security team via email.
  • Day 1-3: Initial review and triage of the vulnerability.
  • Day 3-16: Resolution of the vulnerability and testing of the fix.
  • Day 16+: Coordination of the release of a security advisory, including a fixed version of the project.

Security Updates

Security updates and advisories will be posted in our GitHub repository. Users are strongly encouraged to subscribe to notifications for security advisories in the repository.

Responsible Disclosure

We encourage responsible disclosure of security vulnerabilities. When reporting vulnerabilities, please provide us with the necessary details and give us a reasonable amount of time to address the issue before disclosing it to the public.

Legal Note

This security policy is not a legally binding contract and does not create any legally binding obligations on either party. It is merely intended to set out our policy and guidelines for handling security vulnerabilities in our project.

There aren’t any published security advisories