If you discover a security vulnerability in ThePubLib, we appreciate your help in disclosing it responsibly. Please follow these guidelines to report the issue to us:
- Email: Send an email to our security team with a detailed description of the vulnerability.
- Subject: Use the subject line "Demetrius Security Vulnerability - [Brief Description]" to help us prioritize and track the issue.
- Provide Information: Include as much information as possible about the vulnerability, including steps to reproduce, potential impact, and any related proof-of-concept or exploit code.
- Do Not Disclose Publicly: To protect our users, we kindly request that you refrain from publicly disclosing the vulnerability until we have had a chance to address it.
Our security team will acknowledge your email within 3 days and work with you to address the reported vulnerability.
Demetrius follows a versioning scheme where we maintain and provide security updates for the latest stable release. If you are using an older version, we recommend updating to the latest release to ensure you have the latest security patches.
We are committed to promptly addressing security vulnerabilities and providing timely security advisories to our users. Whenever a security vulnerability is identified and fixed, we will release a security advisory detailing the vulnerability and the steps required to mitigate it.
We will communicate security advisories through the following channels:
- The SECURITY.md file in this repository.
- Notifications via our mailing list and social media channels.
To enhance the security of your application's deployment, we recommend following these best practices:
- Keep your installation up to date with the latest stable release.
- Regularly review and apply security patches and updates to your underlying system and dependencies.
- Ensure proper access controls and authentication mechanisms are in place.
- Implement secure coding practices to prevent common vulnerabilities like SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
- Regularly audit and review user access privileges and permissions.
- Enable logging and monitoring to detect and respond to potential security incidents.
By following these guidelines and best practices, you can help maintain the security and integrity of your ThePubLib installation.
If you have any questions or need further assistance regarding security-related matters, please contact our security team through this mail.
Thank you for your support and collaboration in keeping ThePubLib secure.