Security: SymphonyIceAttack/themecraft

SECURITY.md

Security Policy

Supported Versions

We take security seriously and work to address any security vulnerabilities promptly. The following versions of ThemeCraft are currently being supported with security updates:

Version    Supported
0.1.x      Yes

Reporting a Vulnerability

We appreciate your effort to responsibly disclose security vulnerabilities. If you discover a security issue, please follow the steps below:

How to Report

  1. Do NOT create a public GitHub issue for security vulnerabilities
  2. Email us at: security@themecraft.top
  3. Include detailed information about the vulnerability:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

Response Timeline

  • Initial Response: Within 48 hours
  • Status Update: Within 7 days
  • Resolution: Varies with the complexity of the issue

What to Expect

  1. We'll acknowledge receipt of your vulnerability report
  2. We'll provide an estimated timeline for a fix
  3. We'll work with you to understand and resolve the issue
  4. Once fixed, we'll release an updated version
  5. We'll credit you (unless you prefer to remain anonymous)

Recognition

We believe in recognizing security researchers who help keep our users safe:

  • Named recognition in our security advisory (unless anonymity is requested)
  • Contributor acknowledgment in our releases
  • Invitation to our security hall of fame

Security Best Practices

For Users

  • Always use the latest version of ThemeCraft
  • Only install themes from trusted sources
  • Review theme files before installation
  • Keep your code editors up to date

For Developers

  • Follow secure coding practices
  • Use parameterized queries
  • Validate and sanitize all inputs
  • Keep dependencies updated
  • Use HTTPS for all communications

Security Features

ThemeCraft includes several built-in security features:

  • Input Validation: All user inputs are validated and sanitized
  • XSS Protection: Content Security Policy headers
  • HTTPS Only: Secure connections enforced
  • Dependency Scanning: Regular security audits of dependencies

Contact Information

Responsible Disclosure

We ask that you:

  • Give us reasonable time to investigate and fix the issue before public disclosure
  • Make a good faith effort to avoid privacy violations, data destruction, or service disruption
  • Only interact with accounts you own or have explicit permission to access
  • Report the vulnerability through the channels listed above

Legal Safe Harbor

We support security research conducted in good faith and will not pursue legal action against researchers who:

  • Make a good faith effort to avoid privacy violations, data destruction, or service disruption
  • Report vulnerabilities through the proper channels
  • Give us reasonable time to respond before public disclosure

Public Disclosures

If you plan to publicly disclose a vulnerability, please contact us first so we can coordinate the disclosure and ensure users are protected.

Thank you for helping keep ThemeCraft and our users safe! 🔒

There aren’t any published security advisories