If you discover a security vulnerability, please report it privately:
- Do NOT open a public GitHub issue
- Use GitHub's private vulnerability reporting

Please include in your report:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

Response timeline:
- 24 hours: Acknowledgment of report
- 72 hours: Initial assessment
- 7 days: Fix deployed (for critical issues)
Supported versions:

| Version | Supported |
|---|---|
| Latest | Yes |

This project implements the following security measures:
- Input validation on all user inputs
- Rate limiting on mutations
- Authorization checks on admin endpoints
- SQL injection prevention via parameterized queries
- XSS prevention via URL validation
- Content moderation for untrusted users
- Dependabot security updates
- CodeQL code scanning