The following versions of HoYo Code Sender Discord Bot are currently supported with security updates:

We take the security of HoYo Code Sender Discord Bot seriously. If you believe you've found a security vulnerability, please follow these steps:

DO NOT create a public GitHub issue for security vulnerabilities.

Instead, please report security vulnerabilities through one of these channels:

1. Email: Send details to mail@chiraitori.io.vn with the subject "Security Vulnerability Report"

2. Discord: Contact the bot owner privately through our Discord support server

When reporting a security issue, please include:

• A clear description of the vulnerability
• Steps to reproduce the issue
• Potential impact of the vulnerability
• Any possible mitigations you've identified
• Your name/handle for credit (optional)

After you report a security vulnerability:

1. Acknowledgment: We aim to acknowledge receipt of your report within 48 hours
2. Assessment: We'll investigate the issue and determine its impact and severity
3. Resolution Plan: We'll develop a fix for the vulnerability
4. Disclosure: Once a fix is ready, we'll coordinate disclosure with you

We're committed to responding quickly to security reports and keeping you informed throughout the process.

1. Permission Management: Only grant the bot the minimum permissions it needs
2. Channel Restrictions: Restrict the bot to specific channels where it needs to operate
3. Regular Audits: Periodically review which bots have access to your server and their permissions

If you're self-hosting this bot:

1. Keep Updated: Always use the latest version with security patches
2. Environment Security:
   • Use secure environment variables for tokens and sensitive data
   • Never commit .env files to public repositories
   • Ensure your hosting environment has proper firewalls and security measures
3. Dependency Management: Regularly update dependencies to patch known vulnerabilities
4. Limited Access: Restrict database access to only what's necessary

The HoYo Code Sender Discord Bot includes the following security features:

• Input Validation: Prevents injection attacks and malicious inputs
• Rate Limiting:
  • Global rate limiting (100 requests per 15 minutes per IP)
  • API-specific stricter rate limiting (30 requests per 5 minutes per IP)
  • Protection against DoS/DDoS attacks
• Permission Controls: Proper handling of Discord permissions
• Secure Storage: Secure storage of configuration data and environment variables

• Security vulnerabilities will be addressed as quickly as possible
• Fixed vulnerabilities will be disclosed after patches are available
• Credit will be given to reporters who wish to be identified
• Updates about vulnerabilities will be announced in our Discord server

We appreciate the community's help in keeping HoYo Code Sender Discord Bot secure. Responsible disclosure of vulnerabilities helps protect all our users.