| Version | Supported |
|---|---|
| 1.0.x | ✅ |

We take security seriously at JWTKit. If you discover a security vulnerability, please follow these steps:

- Do NOT open a public issue
- Email us at m.eshanized@gmail.com with:
  - A description of the vulnerability
  - Steps to reproduce (if possible)
  - Potential impact
  - Any suggestions for remediation

We strive to respond to security reports within 48 hours and will keep you updated throughout the process.

- Acknowledgment of your report within 48 hours
- Regular updates on our progress
- Credit for your discovery (unless you prefer to remain anonymous)
- Notification when the vulnerability is fixed

When using JWTKit:

- Always use strong secrets for HMAC algorithms
- Prefer asymmetric algorithms (RS256, ES256) over symmetric ones
- Keep your private keys secure
- Regularly rotate your keys
- Monitor the audit logs for suspicious activity