Use this section to tell people about which versions of your project are currently being supported with security updates.
| Version | Supported |
|---|---|
| Latest | ✅ |
| < Latest | ❌ |
We take the security of our software seriously. If you believe you have found a security vulnerability, please report it to us as described below.
- Open a public issue or discuss the vulnerability in public forums
- Access or modify data that does not belong to you
- Email your findings to support@finitestate.io
- Provide details including:
- Type of vulnerability
- Location of the affected code
- Potential impact
- Steps to reproduce
- Suggested fix (if applicable)
- You will receive acknowledgment of your report within 48 hours
- You will receive updates on the status of the vulnerability within 7 days
- You will be notified when the vulnerability has been addressed
We appreciate responsible disclosure and will acknowledge security researchers who help us keep our software secure. If you would like to be credited, please let us know in your report.
When using the code and examples in this repository:
- Never commit secrets - Use environment variables or secure secret management
- Keep dependencies updated - Regularly update dependencies to include security patches
- Review code - Review any code before using it in production environments
- Use least privilege - Configure API keys and access tokens with minimum required permissions
- Monitor usage - Monitor API usage and set up alerts for unusual activity
- We will disclose vulnerabilities once they have been addressed
- We will credit researchers who responsibly disclose vulnerabilities (with permission)
- We will not take legal action against security researchers who:
- Act in good faith
- Follow responsible disclosure practices
- Do not cause damage or access data beyond what is necessary to demonstrate the vulnerability