| Version | Supported |
|---|---|
| 0.0.x | ✅ |
We take the security of Labitat seriously. If you discover a security vulnerability, please follow these steps:
- Do not open a public issue on GitHub.
- Email us at [security@labitat.example] (update with actual contact) with:
  - A description of the vulnerability
  - Steps to reproduce
  - Potential impact
- We will respond within 72 hours with an acknowledgment.
- We aim to resolve critical issues within 7 days and publish a security advisory.
For full security documentation, see docs/security.md.
- AES-256-GCM encryption for all stored service credentials
- HTTP-only, secure session cookies
- Security headers (HSTS, X-Frame-Options, CSP, etc.)
- Non-root container user
- Minimal attack surface (Alpine-based Docker image)
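As an added illustration of the first item above, the following is example code written for this page, not Labitat's own implementation (the page does not show Labitat's language or how it derives its data-encryption key from `SECRET_KEY`; deriving it with SHA-256 here is an assumption). It shows what "AES-256-GCM for stored service credentials" buys a defender: each stored blob carries its own random nonce, the credential is bound to an associated-data label such as the service name, and any change to the ciphertext, tag, label or key is rejected on decryption rather than silently yielding garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// deriveKey turns the application SECRET_KEY into a 32-byte AES-256 key.
// Hashing with SHA-256 is an assumption made for this example; the page does
// not say how Labitat derives its data-encryption key.
func deriveKey(secretKey string) []byte {
	sum := sha256.Sum256([]byte(secretKey))
	return sum[:]
}

// Seal encrypts one service credential with AES-256-GCM. The returned blob is
// nonce || ciphertext || tag, so everything needed for decryption is stored
// together. aad is authenticated but not encrypted; using the owning service
// name there stops a blob from being swapped into another service's row.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per credential
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open decrypts a blob produced by Seal. Any modification to the nonce,
// ciphertext, tag or aad makes the authentication check fail.
func Open(key, blob, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("stored credential blob is too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// TamperDetected reports whether flipping one bit of the stored blob is
// rejected by Open, i.e. whether the integrity guarantee actually holds.
func TamperDetected(key, blob, aad []byte) bool {
	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)-1] ^= 0x01 // flip a bit in the GCM tag
	_, err := Open(key, tampered, aad)
	return err != nil
}

func main() {
	// Constructed sample values; not a real secret or credential.
	key := deriveKey("example-secret-key-of-32-or-more-chars")
	aad := []byte("service:imap")
	blob, err := Seal(key, []byte("hunter2"), aad)
	if err != nil {
		panic(err)
	}
	pt, err := Open(key, blob, aad)
	fmt.Printf("decrypted=%q err=%v tamper_detected=%v\n", pt, err, TamperDetected(key, blob, aad))
}
```

The aad check is the part most often left out: without it, an attacker with write access to the database can move a valid blob from one service's row to another and have it decrypt cleanly.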
- Responsible disclosure
- Reasonable time for us to respond and resolve
- No exploitation of vulnerabilities beyond what's necessary to demonstrate impact
- Set a strong `SECRET_KEY` (32+ random characters)
- Use HTTPS in production
- Keep Labitat updated
- Back up your database and `SECRET_KEY`
Thank you for helping keep Labitat secure!