| Version | Supported |
|---|---|
| 1.x.x | ✅ |

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

Please report security vulnerabilities through GitHub's Security Advisories:

When reporting a vulnerability, please include:

- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any suggested fixes (optional)

- Initial Response: Within 48 hours
- Status Update: Within 5 business days
- Resolution Target: Depends on severity

This project implements several security measures:

- Multi-stage Docker builds with non-root user
- Input validation using class-validator
- Strict TypeScript configuration
- Regular dependency updates
- Health check endpoints for monitoring

When deploying this service:

- Always use HTTPS in production
- Configure appropriate firewall rules
- Use secrets management for sensitive configuration
- Enable container security scanning
- Monitor logs for suspicious activity