If you discover a security vulnerability in BinVault, we appreciate your help in disclosing it responsibly. Please do the following:
- Do not disclose it publicly. Avoid posting security issues in public forums, GitHub issues, or discussions.
- Report the vulnerability via GitHub Security Advisories in the repository.
- Provide as much detail as possible, including:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any suggestions for a fix (if available)
- Expect an acknowledgment within 48 hours and a resolution timeline depending on severity.
We actively maintain and apply security patches to the latest stable release. The versions currently supported are:
| Version | Supported |
|---|---|
| Latest | ✅ Yes |
| Older than 6 months | ❌ No |
- Keep your dependencies up to date by running
go mod tidy && go mod verifyregularly. - Do not expose sensitive information in logs or error messages.
- Follow the principle of least privilege when configuring access permissions.
- Use HTTPS and secure authentication methods for API communication.
We regularly monitor and update third-party dependencies for security vulnerabilities. If you identify an issue with a dependency, report it using GitHub Security Advisories.
Thank you for helping us keep BinVault secure!