Security Policy
September 7, 2025 ยท View on GitHub
Supported Versions
We actively support the following versions of this project:
| Version | Supported |
|---|---|
| Latest | :white_check_mark: |
| < Latest | :x: |
Reporting a Vulnerability
We take the security of our software seriously. If you believe you have found a security vulnerability, please report it to us as described below.
How to Report
Please do not report security vulnerabilities through public GitHub issues.
Instead, please send an email to: info@auroracapital.nl
Include the following information in your report:
- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue
Response Timeline
- We will acknowledge receipt of your vulnerability report within 48 hours
- We will provide a detailed response within 7 days indicating next steps
- We will keep you informed of our progress towards a fix and announcement
- We may ask for additional information or guidance
Responsible Disclosure
We ask that you:
- Give us reasonable time to investigate and mitigate an issue before making any information public
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services
- Only interact with accounts you own or with explicit permission of the account holder
Security Best Practices
When contributing to this project, please follow these security guidelines:
- Keep dependencies up to date
- Use secure coding practices
- Never commit secrets, API keys, or sensitive information
- Use environment variables for configuration
- Validate all inputs
- Use HTTPS for all communications
- Follow the principle of least privilege
Contact
For any security-related questions or concerns, please contact:
- Email: info@auroracapital.nl
- Organization: Aurora Capital
Thank you for helping keep our project and users safe!