We actively support and provide security updates for the following versions:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
If you discover a security vulnerability, please report it responsibly:
- Do NOT create a public GitHub issue
- DO email us directly or contact maintainers privately
- Include detailed steps to reproduce
- We will acknowledge and work on a fix
- JWT-based authentication with secure token handling
- Passwords hashed with bcrypt
- Secure cookie configuration (HttpOnly, Secure, SameSite)
- Environment-based secrets management
- Input validation and sanitization
- SQL injection prevention via parameterized queries
- Rate limiting on sensitive endpoints
- CORS configuration
- Proper HTTP status codes
- HTTPS enforcement
- Regular dependency updates
- Docker containerization for isolation
- Use strong, unique passwords
- Enable notifications for important updates
- Keep your profile information up to date
- Log out from shared devices
Security fixes will be documented in the project changelog.