Security: EliezerKibet/AI_based_garage

SECURITY.md

Security Policy

Supported Versions

We actively support the following versions with security updates:

Version    Supported
1.0.x      ✅
< 1.0      ❌

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security vulnerability, please follow these steps:

🔒 Private Disclosure

DO NOT create a public GitHub issue for security vulnerabilities.

Instead, please:

  1. Email: Send details to [[email protected]] or create a private vulnerability report via GitHub's security advisory feature
  2. Include:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if available)

📋 What to Expect

  • Acknowledgment: Within 24-48 hours
  • Initial Assessment: Within 1 week
  • Resolution Timeline: Depends on complexity, typically 2-4 weeks
  • Credit: Security researchers will be credited (unless they prefer to remain anonymous)

🛡️ Security Measures

This application implements:

  • Authentication: ASP.NET Core Identity with secure password policies
  • Authorization: Role-based access control
  • Data Protection: Encrypted sensitive data storage
  • HTTPS: Enforced SSL/TLS in production
  • Input Validation: Protection against common attacks (XSS, SQL Injection)
  • CSRF Protection: Anti-forgery tokens
  • Security Headers: Implemented security headers

Security Best Practices

When deploying:

  1. Environment Variables: Use secure configuration management
  2. Database: Use strong connection strings and limit privileges
  3. API Keys: Never commit secrets to version control
  4. Updates: Keep dependencies updated
  5. Monitoring: Implement security logging and monitoring

📚 Resources

Thank you for helping keep our project secure! 🛡️

There aren't any published security advisories