We take security seriously and will actively respond to any issues that are reported to us. Please ensure you are using the latest version of our software.

| Version | Supported |
|---|---|
| 1.x | ✅ |
| < 1.0 | ❌ |

If you discover a security vulnerability, please follow the steps below to report it:
- Do not create a public issue. Instead, email us directly at security@devlive.org.
- Provide as much information as possible, including:
  - A detailed description of the vulnerability.
  - Steps to reproduce the vulnerability.
  - Any potential impacts.
  - Your contact information.
Upon receiving a vulnerability report, we will:
- Acknowledge receipt of the report within 24 hours and work with you to understand the issue.
- Validate the vulnerability and determine its impact and severity.
- Develop a fix for the vulnerability.
- Release a patch as soon as possible and notify you when the patch is available.
- Credit the reporter for the discovery in the release notes if they wish to be acknowledged.
We recommend the following best practices for ensuring the security of your deployment:
- Keep your software up to date. Ensure you are always running the latest version.
- Regularly audit your dependencies. Use tools like `npm audit`, `yarn audit`, or `pip-audit` to find and fix vulnerabilities in third-party libraries.
- Follow the principle of least privilege. Only grant the necessary permissions to users and services.
- Monitor and log activity. Set up monitoring and logging to detect any suspicious activity.
- Back up regularly. Ensure you have regular backups of your data and configurations.
For any security concerns or questions, you can contact us at:
- Email: security@devlive.org
- Twitter: @example
Thank you for helping to keep our community safe!