We provide security updates for the following versions:

| Version | Supported |
|---|---|
| 1.x | Security patches |
| <1.0 | No longer supported |

We take security seriously! If you find a vulnerability, please DO NOT open a public issue. Instead, follow these steps:
- Email us: Send an email to [your-security-email@example.com] with:
  - A detailed description of the vulnerability.
  - Steps to reproduce the issue (if possible).
  - Any potential fixes or recommendations (optional).
- Encrypt the report (optional): If you prefer, you can encrypt your email using our PGP key (provide your public key or link to it).
- Response Time: We aim to respond to security reports within 48 hours and resolve valid vulnerabilities within 7 days, depending on severity.
- Acknowledgment: We appreciate responsible disclosures. With your consent, we'll publicly acknowledge you in the project's release notes.

We recommend contributors and users follow these best practices:
- Keep Django and dependencies updated.
- Use environment variables for sensitive data like API keys and passwords.
- Avoid running the project with `DEBUG=True` in production.
- Regularly audit third-party packages for vulnerabilities (`pip-audit`).
- Enable HTTPS in production environments.

Special thanks to all contributors and security researchers who help keep this project safe!