If you discover a security vulnerability, please report it responsibly.
Do NOT open a public issue for security vulnerabilities.
Instead, please send an email or contact the maintainers privately with:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any suggested fixes (optional)
- Initial response: Within 48 hours
- Status update: Within 7 days
- Fix timeline: Depends on severity, typically within 30 days
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
When deploying this application:
- Always use HTTPS in production
- Set strong, unique values for
SESSION_SECRET - Use environment variables for all secrets
- Keep dependencies updated
- Follow the principle of least privilege for database users