If you discover a security vulnerability in UsefulDay, please report it promptly so we can address it. Follow these steps to ensure the issue is handled securely:
- Do Not Publicly Disclose: Please do not disclose the vulnerability publicly until it has been addressed and patched.
- Report Privately: Email the details of the security issue to [https://github.com/elokwentnie] @elokwentnie with a description of the vulnerability, steps to reproduce it, and any potential impact.
- Provide Details: Include as much detail as possible to help us understand and address the issue efficiently. If possible, provide a proof-of-concept or test case.
We take security seriously and aim to address reported vulnerabilities as quickly as possible. We will:
- Acknowledge Receipt: Confirm receipt of your report within 48 hours.
- Assess and Fix: Evaluate the issue and work on a fix. We may ask for additional information or assistance during this process.
- Notify and Patch: Release a patch or update to address the vulnerability and notify users of the update through our repository.
To help maintain the security of the project:
- Review Code: Follow best practices for secure coding and review code changes for potential security issues.
- Keep Dependencies Updated: Ensure that any dependencies or libraries used are up-to-date with the latest security patches.
- Use Secure Practices: Avoid hardcoding sensitive information and use environment variables or secure vaults for credentials.
Thank you for helping us keep UsefulDay secure!