mirror of
https://gitee.com/devlive-community/datacap.git
synced 2024-11-30 11:07:41 +08:00
2.1 KiB
2.1 KiB
Security Policy
Supported Versions
We take security seriously and will actively respond to any issues that are reported to us. Please ensure you are using the latest version of our software.
Version | Supported |
---|---|
1.x | ✅ |
< 1.0 | ❌ |
Reporting a Vulnerability
If you discover a security vulnerability, please follow the steps below to report it:
- Do not create a public issue. Instead, email us directly at security@devlive.org.
- Provide as much information as possible, including:
- A detailed description of the vulnerability.
- Steps to reproduce the vulnerability.
- Any potential impacts.
- Your contact information.
Vulnerability Handling
Upon receiving a vulnerability report, we will:
- Acknowledge receipt of the report within 24 hours and work with you to understand the issue.
- Validate the vulnerability and determine its impact and severity.
- Develop a fix for the vulnerability.
- Release a patch as soon as possible and notify you when the patch is available.
- Credit the reporter for the discovery in the release notes if they wish to be acknowledged.
Security Best Practices
We recommend the following best practices for ensuring the security of your deployment:
- Keep your software up to date. Ensure you are always running the latest version.
- Regularly audit your dependencies. Use tools like
npm audit
,yarn audit
, orpip-audit
to find and fix vulnerabilities in third-party libraries. - Follow the principle of least privilege. Only grant the necessary permissions to users and services.
- Monitor and log activity. Set up monitoring and logging to detect any suspicious activity.
- Backup regularly. Ensure you have regular backups of your data and configurations.
Contact
For any security concerns or questions, you can contact us at:
- Email: security@devlive.org
- Twitter: @example
Thank you for helping to keep our community safe!