Security updates and patches are applied to the following versions:
| Version | Supported |
|---|---|
| 0.x.x | Current release |
| < 0.1.0 | Not supported |
Please make sure you are using the latest version of RemoteVars before reporting issues.
If you discover a security vulnerability within RemoteVars:
- Do not open a public issue.
- Instead, please email the maintainers directly at: contact@josergarcia.dev
- Include:
  - A detailed description of the vulnerability
  - Steps to reproduce (if possible)
  - Any possible mitigations or suggested fixes
We'll respond as soon as possible, usually within 48 hours.
We ask that all security researchers:
- Respect user privacy and data integrity.
- Allow reasonable time (usually 30 days) for us to release a patch before public disclosure.
- Avoid exploitation or public demonstration without prior coordination.
For users of RemoteVars:
- Avoid sharing `.remotevars.json` files with private tokens or credentials.
- Prefer GitHub repositories with limited scopes or read-only access tokens.
- If using HTTP providers, ensure you use HTTPS endpoints.
- Regularly rotate credentials and access tokens.