We release patches for security vulnerabilities for the following versions:
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
If you discover a security vulnerability within ShipTime PHP, please send an email to Igor Sazonov at sovletig@gmail.com. All security vulnerabilities will be promptly addressed.
Please do not publicly disclose the issue until it has been addressed by the team.
When reporting a vulnerability, please include:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested fixes (if applicable)
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Fix Timeline: Varies based on severity, but typically within 30 days
When using this library:
- Never commit API credentials to version control
- Use environment variables for API keys and secrets
- Keep dependencies updated regularly
- Use HTTPS for all API communications (default)
- Validate and sanitize all user input before passing to the API
- Implement rate limiting in your application
- Log security events appropriately
- Follow Laravel security best practices when using with Laravel
When a security vulnerability is reported, we will:
- Confirm the vulnerability
- Determine the severity
- Develop and test a fix
- Release a security patch
- Publicly disclose the vulnerability details after the patch is available
Thank you for helping keep ShipTime PHP and its users safe!