If you discover a security vulnerability in any DevForge tool, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, please:
- Email security concerns to the maintainers via GitHub's security advisory feature
- Use GitHub's private vulnerability reporting feature
- Include a clear description of the vulnerability and steps to reproduce

Response timeline:
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 5 business days
- Resolution: Depends on severity, critical issues prioritized

We support the latest release of each tool. Please update to the latest version before reporting issues.

Security best practices:
- Never commit secrets, API keys, or credentials
- Use environment variables for sensitive configuration
- Report any discovered credentials in source code immediately

Thank you for helping keep DevForge secure.