We take the security of our project seriously. If you believe you have found a security vulnerability, please follow these steps:
- Do not disclose the vulnerability publicly
- Send a detailed report to prosper@sokoweb.com or use GitHub's private vulnerability reporting feature
- Include the following in your report:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Any suggested fixes (if available)
- Acknowledgment of your report within 48 hours
- Regular updates on the progress of fixing the vulnerability
- Credit for responsible disclosure (if desired)
- Notification when the vulnerability is fixed
- The main repository code
- Official releases
- Official documentation
- API endpoints
- Authentication systems
- Third-party applications or services
- Issues already reported
- Theoretical vulnerabilities without proof of concept
- Issues requiring physical access to a user's device
- Keep dependencies up to date
- Follow secure coding guidelines
- Use strong authentication methods
- Implement input validation
- Apply the principle of least privilege
- Use secure communication protocols (HTTPS, SSH)
- Always use the latest stable version
- Keep your API keys and credentials secure
- Enable two-factor authentication
- Report suspicious activities
- Follow security advisories and updates
We provide security updates for the following versions:
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
| 0.0.x | ❌ |
- Security patches are released as soon as possible after validation
- Critical vulnerabilities receive priority attention
- Updates are distributed through our standard release channels
- Release notes clearly indicate security-related fixes
- Vulnerabilities are disclosed after a fix is available
- A CVE ID is requested for significant vulnerabilities
- Users are notified through our security advisory system
- Public disclosure includes:
  - Description of the vulnerability
  - Impact assessment
  - Mitigation steps
  - Affected versions
  - Credits to the reporter
- Primary: prosper@sokoweb.com
This security policy may be updated from time to time. We encourage you to check back periodically for any changes.
Last updated: 02/18/2025
By responsibly disclosing security vulnerabilities, you help us ensure the security and privacy of our users. We appreciate your efforts and support in making our project more secure.