Security: MaximillianGroup/MAXX-OnGuard

security.md

MaxX OnGuard™ Security Policy

MaximillianGroup takes the security of our plugins and the trust of our users very seriously. This document outlines the security policies for the Template plugin.

Reporting a Vulnerability

We encourage responsible disclosure of security vulnerabilities. If you believe you have found a security issue in Stellarsizer, please report it to us directly at [email protected].

Please do not create public issues for security vulnerabilities. Publicly disclosing a potential vulnerability before it has been addressed could put users at risk.

When reporting a vulnerability, please include as much of the following information as possible:

  • Affected plugin version: (e.g., MaxX OnGuard 0.5.0)
  • A detailed description of the vulnerability: Explain how the vulnerability works and its potential impact.
  • Steps to reproduce the vulnerability: Provide clear steps to help us verify the issue.
  • Proof of concept (PoC): If applicable, provide a PoC demonstrating the vulnerability.

Vulnerability Handling Process

  1. Acknowledgment: We will acknowledge receipt of your vulnerability report within 3 business days.
  2. Investigation: Our security team will investigate the reported issue to determine its validity and severity.
  3. Patching: If the vulnerability is confirmed, we will develop and test a patch to address the issue.
  4. Release: We will release the security patch in a timely manner, along with a security advisory that includes:
    • A description of the vulnerability
    • Affected versions of MaxX OnGuard
    • Remediation steps (usually updating to the patched version)
  5. Public Disclosure: We may publicly disclose the vulnerability after a reasonable time period has passed to allow users to update.

Supported Versions

We are committed to providing security support for the following Template versions:

  • Currently Supported: 0.5.0 and later (up to the latest release)

Once MaxX OnGuard reaches version 1.0.0 (first public release), we will clearly define an end-of-life policy for older versions.

Security Practices

We follow secure coding practices during MaxX OnGuard's development, including:

  • Input Validation and Sanitization: Protecting against common web vulnerabilities like Cross-Site Scripting (XSS) and SQL Injection.
  • Secure Authentication and Authorization: Ensuring only authorized users can access sensitive plugin functionality.
  • Dependency Management: Keeping plugin dependencies up-to-date to address known security issues.
  • Regular Security Audits: Conducting periodic security reviews to identify and address potential vulnerabilities.

Responsible Disclosure Policy

We kindly request that you follow these guidelines when reporting vulnerabilities:

  • Do not exploit the vulnerability beyond what is necessary to demonstrate it.
  • Do not disclose the vulnerability to any third party until we have had a reasonable opportunity to address it.
  • Respect our vulnerability handling process and timelines.

We appreciate your cooperation in helping us keep MaxX OnGuard and its users secure.

There aren’t any published security advisories