We release patches for security vulnerabilities. Currently supported versions:
| Version | Supported |
|---|---|
| 1.0.x | β |
| < 1.0 | β |
We take the security of badhope's Starbase seriously. If you have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them via:
- GitHub Security Advisory (Preferred)
  - Go to the Security Advisories page
  - Click "Report a vulnerability"
  - Fill in the details
- Email (Alternative)
  - Send an email to the repository owner
  - Include "SECURITY" in the subject line
Please include the following information:
- Type of vulnerability
- Full path of the affected file(s)
- Steps to reproduce
- Proof-of-concept or exploit code (if possible)
- Impact of the vulnerability
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Resolution: Depends on complexity, typically within 30 days
- We follow responsible disclosure practices
- We will acknowledge your report after investigation
- We will keep you informed about the progress
- We may offer credit for valid security reports
When using this project:
- Keep dependencies up to date
- Do not expose API keys in public repositories
- Use environment variables for sensitive configuration
- Review code before deploying to production
- Enable branch protection and required reviews
Security updates will be announced via:
- GitHub Security Advisories
- Release notes in CHANGELOG.md
- GitHub Releases
Thank you for helping keep badhope's Starbase secure!