| Version | Supported |
|---|---|
| 1.x.x | ✅ |
Please DO NOT report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities by emailing:
Include the following information:
- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting)
- Full paths of source file(s) related to the issue
- Location of the affected source code (tag/branch/commit or direct URL)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it
You should receive a response within 48 hours. If for some reason you do not, please follow up to ensure we received your original message.
Security updates will be released as patch versions and announced through:
- GitHub Security Advisories
- npm security advisories
- Email to registered users (for critical issues)
When using the SecurePass Pro SDK:
- Never expose API keys in client-side code or public repositories
- Use environment variables for sensitive credentials
- Rotate API keys regularly (every 90 days recommended)
- Monitor usage for unauthorized access
- Revoke compromised keys immediately
- Use HTTPS for all API communications
- Keep the SDK updated to the latest version
When we receive a security bug report, we will:
- Confirm the problem and determine affected versions
- Audit code to find similar problems
- Prepare fixes for all supported releases
- Release patches as soon as possible
We appreciate your efforts to responsibly disclose your findings.
Thank you for helping keep SecurePass Pro and our users safe! 🔒