| Version | Supported |
|---|---|
| 0.3.x (latest) | ✅ |
| < 0.3.0 | ❌ |

Please do NOT report security vulnerabilities through public GitHub issues.
Instead, use GitHub's private security advisory feature:
- Go to the Security tab in this repository
- Click "Report a vulnerability"
- Fill out the form with details
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact and severity
- Suggested fixes or mitigations (if known)

| Step | Timeline |
|---|---|
| Acknowledgment | Within 48 hours |
| Investigation | Within 1 week |
| Fix release | As soon as possible |
| Public disclosure | Coordinated with reporter |

We'll credit you (with your permission) in our security advisory.
- Never commit API keys or tokens to version control
- Geeto stores credentials locally in `.geeto/`; keep this directory private
- Rotate keys regularly
- Use the principle of least privilege
- All API calls use HTTPS
- Be cautious with third-party integrations
- Keep your system and dependencies updated
- Review code changes before merging
- Enable branch protection rules
- Monitor for unusual activity
Security fixes are released as patch versions with high priority. Announcements are made through:
For security-related inquiries: amdev142@gmail.com
Thank you for helping keep Geeto and its users secure!