If you discover a security vulnerability in this project, we encourage you to report it as soon as possible. Please follow these steps to ensure the issue is handled responsibly:
- Contact Us: Email us at ali.dalhouss@gmail.com with the details of the vulnerability.
- Confidentiality: We will treat your report confidentially and will not disclose the issue until a fix is available.
- Response Time: We will acknowledge your report within 48 hours and aim to provide a resolution within 14 days, depending on the complexity of the issue.

The following versions of this project are currently supported and receiving security updates:

| Version | Supported |
|---|---|
| 1.x | ✅ |
| < 1.0 | ❌ |

When a version reaches its end-of-life (EOL), it will no longer receive security updates. We recommend upgrading to a supported version promptly.
- Patch Releases: Security patches will be released as minor or patch updates. These updates will be announced via the Releases page.
- Changelog: Security fixes will be detailed in the changelog to help users understand the nature of vulnerabilities addressed.

To maintain the security of this project, we adhere to the following practices:
- Code Reviews: All contributions are reviewed for security implications before being merged.
- Dependency Management: Dependencies are regularly reviewed and updated to the latest secure versions.
- Static Analysis: We use automated tools to scan the codebase for vulnerabilities.
- Secure Configurations: Ensure that your environment variables and configuration files are secured. Do not commit sensitive data to version control.
- Docker Best Practices: Follow Docker's security guidelines to minimize risks in containerized environments.
- Disclosure Policy: We will publicly disclose security issues only after a fix is available, balancing transparency with user protection.
- License: This project is distributed under the MIT License, and users must comply with its terms.

To ensure the project's security remains robust:
- Security Audits: We perform regular security audits of the codebase.
- Community Engagement: We welcome contributions and feedback from the community to improve security.

Thank you for helping us make Laravel-Docker a secure and reliable project for everyone.