Security: Grazulex/laravel-arc

SECURITY.md

Security Policy

Supported Versions

We provide security updates for the following versions of Laravel Arc:

Version Supported
1.x

Reporting a Vulnerability

If you discover a security vulnerability within Laravel Arc, please send an email to [email protected]. All security vulnerabilities will be promptly addressed.

Please do not report security issues publicly via GitHub issues or discussions. Security reports sent to the maintainer's email will be acknowledged within 48 hours.

Security Disclosure Process

When reporting a security vulnerability, please include:

  1. Description - A clear description of the vulnerability
  2. Impact - What kind of vulnerability it is and who it impacts
  3. Reproduction - Detailed steps to reproduce the issue
  4. Proof of Concept - If applicable, include proof-of-concept code
  5. Suggested Fix - If you have ideas for how to fix the issue

Security Response Timeline

  • Initial Response: Within 48 hours of receiving the report
  • Investigation: We will investigate and validate the reported vulnerability
  • Fix Development: Development of a patch or mitigation strategy
  • Release: Coordinated disclosure and release of a security update
  • Public Disclosure: After users have had time to upgrade

Security Best Practices

When using Laravel Arc in your applications, we recommend:

  1. Keep Updated - Always use the latest version of Laravel Arc
  2. Validate Input - Ensure proper validation of all data passed to DTOs
  3. Review Dependencies - Regularly update your Composer dependencies
  4. Follow Laravel Security - Follow Laravel's security best practices

Bug Bounty Program

We do not currently offer a bug bounty program, but we deeply appreciate responsible disclosure of security vulnerabilities.

Contact

For security-related questions or concerns, please contact:

Thank you for helping keep Laravel Arc and our users safe!

There aren’t any published security advisories