Security: marvinpoo/gitstats

SECURITY.md

Security Policy

The GitStats team takes the security of our software seriously. If you believe you have found a security vulnerability in our project, please follow the guidelines below to report it.

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them directly to the project maintainer at:

  • Email: coppnic@e.email
  • Subject: [SECURITY] GitStats Security Vulnerability

Please include the following information in your report:

  • Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting)
  • Full paths of source file(s) related to the manifestation of the issue
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit the issue

Preferred Languages

We prefer all communications to be in English.

Response Policy

When you report a vulnerability, you can expect that we will:

  • Confirm receipt of your vulnerability report within 48 hours
  • Provide an estimated timeline for a fix within 1 week
  • Keep you informed about the progress of the fix
  • Credit you for discovering the issue (unless you prefer to remain anonymous)

Disclosure Policy

  • The vulnerability will be disclosed only after it has been fixed
  • The disclosure will include credit to the reporter (unless they prefer to remain anonymous)
  • The disclosure will include details about the vulnerability, the fix, and any mitigations

Security Updates

Security updates will be released as part of our regular update cycle, or as emergency patches depending on the severity of the vulnerability.

Supported Versions

We currently provide security updates for the following versions of GitStats:

Version Supported
1.0.x

Security-Related Configuration

GitStats requires a GitHub personal access token to function. Please ensure that:

  1. You create a token with the minimum necessary permissions
  2. You never share your token with others
  3. You store your token securely
  4. You rotate your token periodically

Contact

If you have any questions about this security policy, please contact the project maintainer:

Marvin @marvinpoo Borisch - coppnic@e.email
