We are very concerned about security. Therefore we have taken some precautions:

• We use Snyk, a platform that regularly checks our security
• We have enabled all security features on Github
• We use Dependabot Security to be immediately aware of security issues in our dependencies and prevent security vulnerabilities throughout the dependency chain
• We use Renovate to automatically check all dependencies and create automatic pull requests for updates
• We use PHPStan / Larastan, the best static analyzer for PHP and Laravel to catch every bug in our codebase
• We have branch protection enabled and run all check before merging to main
• We always stay on the current stable versions and choose our dependencies with great care

We currently support the current version, means the main-Branch and the current packages on packagist.

If you spot a potential vulnerability, please go to https://github.com/mooxphp/moox/security/advisories and click on the Report a vulnerability-Button or send an email to security@moox.org.

Please do not create a GitHub issue for security vulnerabilities. This could allow potential attackers to exploit the vulnerability and cause damage before we've had a chance to patch it.