| Version | Supported |
|---|---|
| Latest | β |

If you discover a security vulnerability in Library of Pi, please report it responsibly through one of the following channels:

- GitHub Security Advisory: report privately
- Contact: LinkedIn

Please include in your report:

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if you have one)

Response timeline:

- Initial response: within 48 hours
- Status update: within 7 days
- Resolution: varies by severity

In scope:

- Authentication/authorization issues
- Data validation vulnerabilities
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Security misconfigurations
- Dependency vulnerabilities

Out of scope:

- Social engineering attacks
- Physical attacks
- Denial of service attacks
- Issues requiring physical access
- Issues in third-party services (APIs, hosting)

Security measures:

- Content Security Policy headers
- XSS protection headers
- HTTPS enforcement
- Input validation and sanitization
- Dependency vulnerability scanning
- Regular security updates
- Automated dependency updates via Dependabot
- Regular security audits
- Code review requirements
- Security-focused development practices

We appreciate security researchers who help make Library of Pi safer. Valid security reports will be acknowledged in our Hall of Fame (if you wish to be listed).

Thank you for keeping Library of Pi secure! π