We take security seriously. This section outlines how we handle security vulnerabilities in Foody.
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |
If you discover a security vulnerability in Foody, please help us by reporting it responsibly.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities by emailing [INSERT EMAIL] or by creating a private security advisory on GitHub.
You can create a private security advisory by following these steps:
- Go to the Security tab in this repository
- Click "Report a vulnerability"
- Provide details about the vulnerability
When reporting a security vulnerability, please include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested fixes or mitigations
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Investigation: We will investigate the issue and work on a fix
- Updates: We will provide regular updates on our progress
- Disclosure: Once fixed, we will coordinate disclosure with you
We kindly ask that you:
- Give us reasonable time to fix the issue before public disclosure
- Avoid accessing or modifying user data
- Do not perform DoS attacks or degrade service performance
We appreciate security researchers who help keep our users safe. With your permission, we will acknowledge your contribution in our release notes.
Thank you for helping make Foody more secure!