| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

Please DO NOT report security vulnerabilities publicly.
Instead, please email security@localzet.com with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

We will acknowledge receipt within 24 hours and provide an initial response within 48 hours.

- Always keep dependencies up to date
- Use HTTPS in production
- Set `debug = false` in production
- Use parameterized queries for database operations
- Validate and sanitize all user input
- Use CSRF protection for state-changing operations
- Configure CORS properly for your domain
- Use secure session configuration
- Implement rate limiting for public APIs
- Perform regular security audits of your application code
- We will investigate and respond to all security reports
- We will notify affected users if a vulnerability is confirmed
- We will provide patches for supported versions
- We will credit security researchers who responsibly disclose vulnerabilities (with permission)