Security: nethmiumaya/CanvasCelebration

SECURITY.md

Security Policy

Supported Versions

The following versions of CanvasCelebration are actively supported with security updates. We strongly encourage users to keep their installations up to date.

Version Supported
1.0.x
< 1.0

Reporting a Vulnerability

Security is a top priority for us. If you discover a security vulnerability in CanvasCelebration, please follow the responsible disclosure guidelines outlined below:

  1. Do Not Publicly Disclose: Please do not open a public issue on GitHub or disclose details of the vulnerability in public forums.
  2. Report Privately: Send an email to [email protected] with the following details:
    • A clear description of the issue.
    • Steps to reproduce the vulnerability.
    • Potential impact assessment.
    • Any suggested fixes or mitigations (if available).
  3. Acknowledgment & Response:
    • We will acknowledge receipt of your report within 48 hours.
    • We will conduct an internal investigation and provide an estimated timeline for a fix.
    • You will be updated on the progress and final resolution.

Security Best Practices

To help keep CanvasCelebration secure, we recommend the following best practices:

  • Keep Dependencies Updated: Regularly update dependencies to patch known vulnerabilities.
  • Use HTTPS: Always serve the application over secure HTTPS connections.
  • Limit Permissions: Use the principle of least privilege when handling sensitive data.
  • Monitor for Threats: Enable logging and monitoring tools to detect unauthorized access attempts.

Responsible Disclosure

We appreciate security researchers who follow responsible disclosure practices. If you report a valid security issue, we are happy to publicly acknowledge your contribution in our project’s release notes.


For any other security-related concerns, please contact us at [email protected].

Thank you for helping us make CanvasCelebration safer!

There aren’t any published security advisories