Security Policy

September 7, 2025 ยท View on GitHub

Supported Versions

We actively support the following versions of this project:

VersionSupported
Latest:white_check_mark:
< Latest:x:

Reporting a Vulnerability

We take the security of our software seriously. If you believe you have found a security vulnerability, please report it to us as described below.

How to Report

Please do not report security vulnerabilities through public GitHub issues.

Instead, please send an email to: info@auroracapital.nl

Include the following information in your report:

  • Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
  • Full paths of source file(s) related to the manifestation of the issue
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit the issue

Response Timeline

  • We will acknowledge receipt of your vulnerability report within 48 hours
  • We will provide a detailed response within 7 days indicating next steps
  • We will keep you informed of our progress towards a fix and announcement
  • We may ask for additional information or guidance

Responsible Disclosure

We ask that you:

  • Give us reasonable time to investigate and mitigate an issue before making any information public
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services
  • Only interact with accounts you own or with explicit permission of the account holder

Security Best Practices

When contributing to this project, please follow these security guidelines:

  • Keep dependencies up to date
  • Use secure coding practices
  • Never commit secrets, API keys, or sensitive information
  • Use environment variables for configuration
  • Validate all inputs
  • Use HTTPS for all communications
  • Follow the principle of least privilege

Contact

For any security-related questions or concerns, please contact:

Thank you for helping keep our project and users safe!