| Version | Supported |
|---|---|
| 2.x.x | ✅ |
| < 2.0 | ❌ |

We take security seriously. If you discover a security vulnerability, please report it responsibly.

- Do NOT open a public issue
- Email us at: mailpriyanshugarg@gmail.com
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)

What to expect:

- Acknowledgment within 48 hours
- Initial assessment within 1 week
- Resolution timeline based on severity
- Credit in release notes (if desired)

In scope:
- Authentication/authorization flaws
- SQL injection
- XSS vulnerabilities
- Data exposure
- CSRF attacks

Out of scope:
- Rate limiting issues
- Denial of service
- Social engineering

When deploying Ledger:
- Use strong JWT secrets (32+ random characters)
- Enable HTTPS in production
- Set secure environment variables
- Keep dependencies updated
- Use strong database passwords
- Enable database SSL in production

Thank you for helping keep Ledger secure!