| Version | Supported |
|---|---|
| 0.1.x | Yes |
Do not open a public GitHub issue for security vulnerabilities.
Instead, please either report vulnerabilities using GitHub Security Advisories: use the "Report a vulnerability" button on the Security tab or send an email to: 118902016+masa-57@users.noreply.github.com
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix for critical issues: Within 30 days
- Fix for non-critical issues: Within 90 days
You will be credited in the fix unless you prefer to remain anonymous.
PIC handles image data and provides an API with key-based authentication. When deploying:
- Always set a strong
PIC_API_KEYin production - Use HTTPS for all API communication
- Restrict database access to the API server and workers only
- Review S3/R2 bucket policies to prevent public access to images
- Rotate secrets regularly (see
docs/runbooks/secrets-rotation.md)