Security Policy
Reporting
Please do not open public issues for security vulnerabilities. Contact the maintainer privately.
Important Rules
- Never commit `.env` files or API keys
- Use `.env.example` for templates
- JWT secrets must be at least 32 characters
- Admin endpoints are rate-limited (3 req/5 min)
- PostgreSQL is not exposed outside Docker network in production
Supported Versions
| Version | Supported |
|---|---|
| Latest main | ✅ |
| Older branches | Best effort |