Security: Varsha-1605/SocioSell

SECURITY.md

Security Policy

Supported Versions

The following versions of SocioSell are currently supported with security updates:

Version Supported
1.2.x
1.1.x
1.0.x
< 1.0

Reporting a Vulnerability

We take the security of SocioSell seriously. If you discover a security vulnerability, please follow these steps:

Reporting Process

  1. DO NOT create a public GitHub issue for the vulnerability.
  2. Send a detailed report to [email protected].
  3. Include the following in your report:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fixes (if any)

What to Expect

  • Initial Response: You will receive an initial response within 48 hours acknowledging your report.
  • Status Updates: We will provide updates every 72 hours on the progress of addressing the vulnerability.
  • Resolution Timeline: We aim to resolve critical vulnerabilities within 7 days.

Disclosure Policy

  • Please allow us time to address the vulnerability before public disclosure.
  • We will credit security researchers who report valid vulnerabilities.
  • Coordinated disclosure will be handled through our security advisory process.

Scope

Security vulnerabilities may include:

  • Authentication/Authorization flaws
  • Data exposure vulnerabilities
  • Input validation issues
  • API security concerns
  • Dependency-related vulnerabilities

Out of Scope

The following are not considered vulnerabilities:

  • Missing security headers that don't lead to exploits
  • Vulnerabilities in unsupported versions
  • Social engineering attacks
  • DoS/DDoS attacks

Security Best Practices

When contributing to SocioSell:

  • Always use the latest supported version
  • Keep all dependencies updated
  • Follow secure coding guidelines
  • Use environment variables for sensitive data
  • Run security checks before submitting PRs

Contact

Recognition

We maintain a hall of fame for security researchers who help improve our security. Contributors will be acknowledged (with permission) in our security advisories.


This document was last updated on January 2, 2025. Security policies are reviewed and updated regularly.