Skip to content

Security: EnterpriseX-Platform/IntegrationHub

Security

SECURITY.md

Security Policy

Supported versions

This project is under active development. Security fixes are applied to the latest released version on the main branch.

Version Supported
main (latest)
older tags

Reporting a vulnerability

Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Instead, report them privately using GitHub's private vulnerability reporting:

  1. Go to the "Security" tab of this repository.
  2. Click "Report a vulnerability" and fill in the advisory form.

Please include as much of the following as you can:

  • The type of issue (e.g. SQL injection, authentication bypass, secret exposure, SSRF).
  • The affected component and file path(s) / endpoint(s).
  • Step-by-step instructions to reproduce, and a proof-of-concept if possible.
  • The potential impact.

What to expect

  • We aim to acknowledge a report within a few business days.
  • We will work with you to understand and validate the issue, and keep you informed of progress.
  • Once a fix is ready, we will coordinate disclosure and credit you (if you wish).

Hardening notes for operators

  • Change all default credentials before exposing an instance (e.g. the seeded admin@integration.local / admin123 demo account and any demo SFTP/API keys).
  • Set a strong AUTH_JWT_SECRET and never commit real .env files.
  • Store connection credentials and API keys only in your own environment — never in the repository.

There aren't any published security advisories