Skip to content

Security: sanprat/Signalcraft

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in SignalCraft, please report it responsibly.

Do not open a public GitHub issue for security vulnerabilities.

Instead, please email the maintainer directly:

Include the following in your report:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

Response Timeline

  • Acknowledgement: within 48 hours
  • Initial assessment: within 5 business days
  • Fix or mitigation: prioritised based on severity

Scope

The following are in scope:

  • Authentication and session management flaws
  • SQL injection, XSS, SSRF, or other injection attacks
  • Broken access control or privilege escalation
  • Secrets exposure via logs, error messages, or API responses
  • Insecure default configurations

Out of Scope

  • Denial of service attacks
  • Social engineering
  • Issues in third-party dependencies (report upstream)

Supported Versions

Version Supported
Latest main
Older releases

Security Best Practices for Deployment

See the README for environment variable guidance and deployment hardening.

There aren't any published security advisories