At AbacatePay, we treat security with the highest priority. We are committed to protecting our users, partners, and the open source community that uses our SDKs.
If you identify any vulnerability in our projects, follow the guidelines below to ensure secure and efficient communication.
Send an email to: security@abacatepay.com
Or use the GitHub Security Advisories feature in the official repositories.
Please provide as much detail as possible:
- Description of the vulnerability.
- Steps to reproduce.
- Potential impact.
- Possible mitigation suggestions.
After we receive your report:
- We will confirm receipt of your report within 48 business hours.
- We will analyze and triage the vulnerability.
- We will work on a fix within a timeframe compatible with the criticality of the issue.
- We will conduct a coordinated disclosure after the fix, ensuring that users are properly informed.
We request that you do not publicly disclose any vulnerability before we have had the opportunity to fix it and communicate it to the community appropriately.
We value the practice of responsible disclosure and recognize the importance of community collaboration to keep our projects secure.
Accidental exposure of tokens, API keys, or other sensitive credentials represents a critical risk.
Everyone should follow the Token Management Policy, which covers:
- Prohibitions on committing tokens.
- Use of GitHub Secrets and environment variables.
- Rapid procedures in case of leakage.
Credential leaks must be treated with the highest priority.
We thank you for your contribution to making the AbacatePay ecosystem more secure.
Every collaboration is fundamental to maintaining the integrity of, and trust in, our open source SDKs.