Security Policy
Supported Versions
Only the latest version of the website is actively maintained and receives security updates.
Reporting Vulnerabilities
🚫 Important: Do not report security vulnerabilities through public GitHub issues.
How to Report
Email: [email protected]
Include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested fix (if available)
Response Timeline
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Resolution: Based on severity (1-30 days)
What to Expect
- Acknowledgment - We confirm receipt of your report
- Assessment - We evaluate the vulnerability and impact
- Resolution - We develop and test a fix
- Disclosure - Coordinated disclosure after fix is deployed
- Recognition - Credit in security advisories (if desired)
Security Measures
Website Security
- HTTPS enforced via Cloudflare
- Content Security Policy headers
- Secure coding practices in Hugo templates
- Regular dependency updates
Community Security
- Moderation tools and community guidelines
- Private reporting channels for sensitive issues
- Protection of user privacy and personal information
Scope
In Scope:
- Website vulnerabilities (XSS, injection, etc.)
- Infrastructure security issues
- Privacy violations
- Authentication/authorization bypasses
Out of Scope:
- Social engineering attacks
- Physical attacks against infrastructure
- Denial of service attacks
- Issues in third-party services we don’t control
Recognition
We appreciate security researchers who help keep our community safe. Responsible disclosure will be acknowledged in our security advisories.
Contact: [email protected]