The following versions of CanvasCelebration are actively supported with security updates. We strongly encourage users to keep their installations up to date.
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
Security is a top priority for us. If you discover a security vulnerability in CanvasCelebration, please follow the responsible disclosure guidelines outlined below:
- Do Not Publicly Disclose: Please do not open a public issue on GitHub or disclose details of the vulnerability in public forums.
- Report Privately: Send an email to [email protected] with the following details:
- A clear description of the issue.
- Steps to reproduce the vulnerability.
- Potential impact assessment.
- Any suggested fixes or mitigations (if available).
- Acknowledgment & Response:
- We will acknowledge receipt of your report within 48 hours.
- We will conduct an internal investigation and provide an estimated timeline for a fix.
- You will be updated on the progress and final resolution.
To help keep CanvasCelebration secure, we recommend the following best practices:
- Keep Dependencies Updated: Regularly update dependencies to patch known vulnerabilities.
- Use HTTPS: Always serve the application over secure HTTPS connections.
- Limit Permissions: Use the principle of least privilege when handling sensitive data.
- Monitor for Threats: Enable logging and monitoring tools to detect unauthorized access attempts.
We appreciate security researchers who follow responsible disclosure practices. If you report a valid security issue, we are happy to publicly acknowledge your contribution in our project’s release notes.
For any other security-related concerns, please contact us at [email protected].
Thank you for helping us make CanvasCelebration safer!