| Version | Supported |
|---|---|
| latest | ✅ |
We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please report them via one of the following methods:
- Email: Send an email to contact@yoandev.co with details of the vulnerability
- GitHub Private Vulnerability Reporting: Use GitHub's private vulnerability reporting feature
When reporting a vulnerability, please include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested fixes (if you have them)
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Initial Assessment: We will provide an initial assessment within 7 days
- Resolution: We aim to resolve critical vulnerabilities within 30 days
- We will keep you informed of our progress
- We will credit you for the discovery (unless you prefer to remain anonymous)
- We will not take legal action against researchers who follow responsible disclosure
When using OpenBento:
- Keep your dependencies up to date
- Use environment variables for sensitive configuration
- Review exported code before deploying to production
For any security-related questions, reach out to:
- Email: contact@yoandev.co
- GitHub: @yoanbernabeu
Thank you for helping keep OpenBento secure! 🔒