Currently, we're supporting security updates for the following versions:

| Version | Supported |
|---|---|
| 0.1.x | ✅ |

We take the security of Running Finder seriously. If you believe you've found a security vulnerability, please follow these steps:

- Do not disclose the vulnerability publicly
- Email us directly at team@runningfinder.com with details about the vulnerability
- Include the following information in your report:
  - Type of vulnerability
  - Full paths of source files related to the vulnerability
  - Steps to reproduce
  - Potential impact

If you're contributing to Running Finder, please follow these security best practices:

- Never commit credentials or secrets to the repository
- Use environment variables for all sensitive configuration
- Apply input validation for all user inputs
- Follow secure coding practices and avoid common vulnerabilities like XSS, CSRF, SQL injection, etc.
- Keep dependencies updated to avoid known vulnerabilities

Running Finder implements several security features:

- Authentication via NextAuth.js with secure session handling
- Database security with parameterized queries via Drizzle ORM
- Input validation for all API endpoints
- HTTPS for all communications

We're committed to regular security reviews. If you're interested in conducting a security audit, please contact us at team@runningfinder.com.

Thank you for helping keep Running Finder secure!