Security: programinglive/laler

SECURITY.md

Security Policy

Supported Versions

We actively support the following versions of Laler with security updates:

Version Supported
>= 1.0
< 1.0

Reporting a Vulnerability

If you discover a security vulnerability in Laler, please help us maintain the security of the project by reporting it responsibly.

How to Report

  1. DO NOT create a public issue on GitHub
  2. DO NOT discuss the vulnerability in public forums or chat rooms
  3. DO send an email to: mahatmamahardhika200588@gmail.com

What to Include

Please include the following information in your report:

  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Any suggested fixes or mitigations
  • Your contact information for follow-up questions

Response Timeline

  • Initial Response: We will acknowledge receipt of your report within 48 hours
  • Assessment: We will assess the vulnerability within 5 business days
  • Resolution: Critical vulnerabilities will be addressed within 7 days, others within 30 days
  • Disclosure: We will coordinate responsible disclosure with you

Responsible Disclosure

We are committed to working with security researchers to verify and address any potential vulnerabilities. We ask that you:

  • Give us reasonable time to investigate and fix the issue before public disclosure
  • Avoid accessing, modifying, or deleting data that doesn't belong to you
  • Don't perform actions that could harm the reliability or integrity of our services

Security Best Practices

When using Laler in production:

  1. Keep Updated: Always use the latest stable version
  2. Network Security: Ensure TauriDumper endpoints are not exposed to untrusted networks
  3. Access Control: Limit access to debug interfaces in production environments
  4. Data Sensitivity: Be careful not to dump sensitive information (passwords, API keys, etc.)

Acknowledgments

We appreciate the security research community's efforts to improve the safety of open source software. Researchers who responsibly disclose vulnerabilities will be acknowledged in our security advisories (with their permission).

Contact

For any security-related questions or concerns, please contact:


This security policy is effective as of October 2025 and may be updated as needed.

There aren’t any published security advisories