Skip to content

Security: tigusigalpa/shiptime-php

Security

SECURITY.md

Security Policy

Supported Versions

We release patches for security vulnerabilities for the following versions:

Version Supported
1.x.x

Reporting a Vulnerability

If you discover a security vulnerability within ShipTime PHP, please send an email to Igor Sazonov at sovletig@gmail.com. All security vulnerabilities will be promptly addressed.

Please do not publicly disclose the issue until it has been addressed by the team.

What to Include

When reporting a vulnerability, please include:

  • A description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Any suggested fixes (if applicable)

Response Timeline

  • Initial Response: Within 48 hours
  • Status Update: Within 7 days
  • Fix Timeline: Varies based on severity, but typically within 30 days

Security Best Practices

When using this library:

  1. Never commit API credentials to version control
  2. Use environment variables for API keys and secrets
  3. Keep dependencies updated regularly
  4. Use HTTPS for all API communications (default)
  5. Validate and sanitize all user input before passing to the API
  6. Implement rate limiting in your application
  7. Log security events appropriately
  8. Follow Laravel security best practices when using with Laravel

Disclosure Policy

When a security vulnerability is reported, we will:

  1. Confirm the vulnerability
  2. Determine the severity
  3. Develop and test a fix
  4. Release a security patch
  5. Publicly disclose the vulnerability details after the patch is available

Thank you for helping keep ShipTime PHP and its users safe!

There aren't any published security advisories