Skip to content

Security: nick-cjyx9/astro-theme-hiro

Security

SECURITY.md

Security Policy

Supported Versions

Security fixes are currently provided for the latest code on the main branch.

Version Supported
main
older snapshots/tags

Reporting a Vulnerability

Please do not open public issues for security vulnerabilities.

Use one of the private channels below:

  1. GitHub Security Advisories (preferred): open a private vulnerability report in the repository.
  2. If advisories are unavailable, contact maintainers directly through private repository contact channels.

Please include as much detail as possible:

  • affected area and impact
  • reproduction steps or proof of concept
  • environment details (local, preview, Cloudflare runtime)
  • suggested mitigation (optional)

Response Targets

  • Initial acknowledgment: within 72 hours
  • Triage decision: within 7 days
  • Fix timeline: depends on severity and complexity, shared during triage

Secret Handling

  • Never commit real credentials in .env, .dev.vars, or source files.
  • Rotate keys immediately if a secret leak is suspected.
  • Keep Cloudflare, OAuth, JWT, and email provider credentials scoped to least privilege.

Disclosure Policy

After a fix is available, maintainers may publish a summary including impact, affected versions, and mitigation guidance.

There aren't any published security advisories