Security is very important for this project and its community.
Learn more about it below.

We currently support the following versions with security updates:

| Version | Supported |
|---------|-----------|
| 1.x.x   | Yes       |
| < 1.0.0 | No        |

We take the security of TinyLS seriously. If you believe you have found a security vulnerability, please follow these steps:

1. **Do not** disclose the vulnerability publicly.
2. Email the security team at security@tinyls.com with:
   - Description of the vulnerability
   - Steps to reproduce
   - Potential impact
   - Any suggested fixes (if available)
3. You will receive a response within 48 hours.
4. We will work with you to verify and fix the vulnerability.
5. Once fixed, we will:
   - Credit you in the security advisory
   - Update the documentation
   - Release a patch

- OAuth2 with Google and GitHub
- JWT-based authentication
- Secure password hashing
- Session management
- Rate limiting
- HTTPS/TLS encryption
- Input validation
- SQL injection prevention
- XSS protection
- CSRF protection

- Regular security updates
- Firewall configuration
- Network isolation
- Access control
- Monitoring and logging

- Keep your dependencies updated
- Use strong passwords
- Enable 2FA when available
- Report security issues responsibly
- Follow security guidelines

- Follow secure coding practices
- Implement proper input validation
- Use prepared statements
- Keep dependencies updated
- Follow the principle of least privilege

We regularly:

- Update dependencies
- Apply security patches
- Review security configurations
- Conduct security audits
- Update security documentation

For security-related issues:

- Email: security@tinyls.com
- Security Team: @tinyls/security
- Security Policy: SECURITY.md

We thank all security researchers and contributors who help make TinyLS more secure.
Please refrain from publicly discussing a potential security vulnerability.
It's better to discuss privately and try to find a solution first, to limit the potential impact as much as possible.
Thanks for your help!
The community and I thank you for that.