Security: Litepie/Logs

Security Policy

Supported Versions

We release patches for security vulnerabilities in the following versions:

Version Supported
1.x ✅ (Current)
< 1.0

Reporting a Vulnerability

The Lavalite Team and community take security vulnerabilities seriously. We appreciate your efforts to responsibly disclose your findings.

How to Report

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them via email to: security@litepie.com

Include the following information in your report:

  • Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
  • Full paths of source file(s) related to the manifestation of the issue
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit the issue

What to Expect

  • Acknowledgment: We'll acknowledge receipt of your vulnerability report within 48 hours
  • Initial Response: We'll provide an initial response within 72 hours indicating the next steps
  • Progress Updates: We'll keep you informed about our progress in resolving the issue
  • Resolution: We'll notify you when the vulnerability has been fixed

Security Update Process

  1. Assessment: We'll assess the vulnerability and determine its severity
  2. Fix Development: We'll develop and test a fix
  3. Release: We'll release a security patch
  4. Disclosure: We'll publish a security advisory

Responsible Disclosure

We request that you:

  • Give us reasonable time to investigate and fix the issue before public disclosure
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services
  • Only interact with accounts you own or with explicit permission of the account holder

Recognition

We appreciate the security research community's efforts to help keep Litepie Logs secure. Security researchers who responsibly disclose vulnerabilities will be:

  • Acknowledged in our security advisories (unless they prefer to remain anonymous)
  • Listed in our Hall of Fame (if they consent)

Security Features

Litepie Logs includes several built-in security features:

  • Data Anonymization: Automatic IP address anonymization
  • Field Exclusion: Exclude sensitive fields from logging
  • Data Hashing: Hash sensitive data before storage
  • Access Control: Role-based access to activity logs
  • GDPR Compliance: Built-in privacy protection features

Security Best Practices

When using Litepie Logs:

  1. Configure Privacy Settings: Enable IP anonymization and exclude sensitive fields
  2. Use HTTPS: Always use encrypted connections in production
  3. Secure Database: Ensure your database is properly secured
  4. Regular Updates: Keep the package updated to the latest version
  5. Access Control: Implement proper authentication and authorization
  6. Data Retention: Configure appropriate data retention policies

Contact

For security-related questions or concerns, please contact:


Thank you for helping keep Litepie Logs and our users safe! 🛡️

There aren’t any published security advisories