Security

SECURITY.md

Security Policy

Supported Scope

Security reports are accepted for both applications:

clinic-backend/
clinic-frontend/

Reporting a Vulnerability

Please do not open public issues for sensitive vulnerabilities.

Report privately to maintainers with:

Affected component and endpoint/page
Reproduction steps
Potential impact
Suggested mitigation (if available)

Response Targets

Initial acknowledgement: within 72 hours
Triage and severity assessment: within 7 days
Fix timeline: based on severity and reproducibility

Disclosure

After remediation, maintainers may publish a summary and patch references.

There aren’t any published security advisories