If you discover a security vulnerability in SCHub, we appreciate your help in disclosing it responsibly. Please follow these guidelines to report the issue to us:
- Email: Send an email to our security team with a detailed description of the vulnerability.
- Subject: Use the subject line "SCHub Security Vulnerability - [Brief Description]" to help us prioritize and track the issue.
- Provide Information: Include as much information as possible about the vulnerability, including steps to reproduce, potential impact, and any related proof-of-concept or exploit code.
- Do Not Disclose Publicly: To protect our users, we kindly request that you refrain from publicly disclosing the vulnerability until we have had a chance to address it.
Our security team will acknowledge your email within 3 days and work with you to address the reported vulnerability.
SCHub follows a versioning scheme where we actively maintain and provide security updates for the latest stable release. If you are using an older version, we recommend updating to the latest release to ensure you have the latest security patches.
We are committed to promptly addressing security vulnerabilities and providing timely security advisories to our users. Whenever a security vulnerability is identified and fixed, we will release a security advisory detailing the vulnerability and the steps required to mitigate it.
We will communicate security advisories through the following channels:
- The SECURITY.md file in this repository.
- Our official website at SCHub Announcements.
- Notifications via our mailing list and social media channels.
To enhance the security of your SCHub deployment, we recommend following these best practices:
- Keep your SCHub installation up to date with the latest stable release.
- Regularly review and apply security patches and updates to your underlying system and dependencies.
- Ensure proper access controls and authentication mechanisms are in place.
- Implement secure coding practices to prevent common vulnerabilities like SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
- Regularly audit and review user access privileges and permissions.
- Enable logging and monitoring to detect and respond to potential security incidents.
By following these guidelines and best practices, you can help maintain the security and integrity of your SCHub installation.
If you have any questions or need further assistance regarding security-related matters, please contact our security team through this mail.
Thank you for your support and collaboration in keeping SCHub secure.