We currently support the following versions with security updates:
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
Please do not report security vulnerabilities through public GitHub issues.
- Email: Send details to security@refspring.com
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Fix Timeline: Depends on severity
- 🔴 Critical: Immediate attention (24-48h)
- 🟠 High: High priority (1 week)
- 🟡 Medium: Standard timeline (2-4 weeks)
- 🟢 Low: Best effort (1-3 months)
- Keep your Firebase configuration secure
- Use environment variables for sensitive data
- Regularly update dependencies
- Enable 2FA on your accounts
- Never commit sensitive data
- Use
.env.examplefor environment templates - Follow secure coding practices
- Validate all inputs
This project is currently in development. Known security areas requiring attention:
- Firebase security rules implementation
- Server-side validation
- Input sanitization
- Rate limiting
- CORS configuration
- Security Email: security@refspring.com
- General Contact: support@refspring.com
We appreciate responsible disclosure and may acknowledge security researchers in our changelog (with permission).