
Security: Lean-Storytelling/Lean-Storytelling-App


SECURITY.md

Security Policy

Reporting Security Vulnerabilities

Do not report security vulnerabilities through public GitHub issues.

If you discover a security vulnerability in the Lean Storytelling App, please report it privately to our security team:

Email: security@leanstorytelling.app
GPG Key: Download our public GPG key

What to Include

When reporting a vulnerability, please include:

  1. A clear description of the vulnerability
  2. Steps to reproduce the issue
  3. Any relevant proof-of-concept code
  4. Your contact information (optional)
  5. Any potential mitigations you've identified

What to Expect

  1. Acknowledgment: You will receive an acknowledgment of your report within 48 hours
  2. Assessment: Our security team will assess the vulnerability and determine its impact
  3. Resolution: We will work on a fix and provide you with updates on our progress
  4. Disclosure: After the vulnerability is fixed, we will publicly disclose it (with credit to you, unless you prefer to remain anonymous)

Supported Versions

Only the latest release line of the Lean Storytelling App receives security updates; earlier release lines are not patched. We recommend always using the latest version.

Version   Supported
0.4.x     ✅ Yes
0.3.x     ❌ No
< 0.3     ❌ No

Security Best Practices

For Users

  • Always use the latest version of the application
  • Use strong, unique passwords
  • Enable two-factor authentication when available
  • Regularly review your account activity
  • Report any suspicious activity immediately

For Developers

  • Follow our Contribution Guidelines
  • Never commit sensitive information (passwords, API keys) to the repository
  • Use environment variables for configuration
  • Follow secure coding practices
  • Keep dependencies updated
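The two developer rules that are easiest to automate are "never commit secrets" and "read configuration from the environment". The following is an added example written for this page, not code from the Lean Storytelling App or its repository; Python is used only because the page does not show the project's stack. It scans the added lines of a unified diff for credential-looking literals (the detection rules and the sample diff are constructed for illustration and are not an exhaustive secret scanner), and it loads required settings from environment variables, failing closed when one is missing. The setting names `DATABASE_URL` and `SESSION_SECRET` are assumptions.

```python
"""
Added example, not part of the Lean Storytelling App or its repository: a
pre-commit style check for credential-looking literals in a diff, plus a config
loader that takes secrets from environment variables and fails closed.
"""
import re
import sys
from typing import Dict, List

# Detection rules (assumptions for illustration, not an exhaustive secret scanner):
#  - AWS access key IDs have the fixed shape "AKIA" + 16 characters.
#  - GitHub tokens start with gh<p|o|u|s|r>_ followed by a long alphanumeric body.
#  - PEM private key blocks have a fixed header.
#  - A secret-ish name assigned a *quoted literal* of 8+ characters. Reading the
#    value from the environment (os.environ[...]) does not match because no
#    quote follows the "=", so the correct pattern passes the check.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "hardcoded_secret_literal": re.compile(
        r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[=:]\s*['\"][^'\"]{8,}['\"]"
    ),
}


def find_secrets_in_diff(diff_text: str) -> List[Dict[str, str]]:
    """Scan only the added ('+') lines of a unified diff and report matches.

    Removed and context lines are ignored, so rotating a leaked value out of the
    tree does not re-trigger the check. The '+++ b/path' header is used only to
    attribute findings to a file.
    """
    findings: List[Dict[str, str]] = []
    current_file = "<unknown>"
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            current_file = line[4:].strip()
            if current_file.startswith("b/"):
                current_file = current_file[2:]
            continue
        if not line.startswith("+"):
            continue
        content = line[1:]
        for rule, pattern in SECRET_PATTERNS.items():
            if pattern.search(content):
                findings.append({"file": current_file, "rule": rule, "line": content.strip()})
    return findings


# Settings the application needs at start-up; the names are assumed for the example.
REQUIRED_SETTINGS = ("DATABASE_URL", "SESSION_SECRET")


def load_config(env: Dict[str, str]) -> Dict[str, str]:
    """Build the runtime config from environment variables, failing closed.

    A missing or empty value raises instead of silently falling back to a
    default, which is how a hard-coded "dev" secret usually reaches production.
    """
    missing = sorted(name for name in REQUIRED_SETTINGS if not env.get(name))
    if missing:
        raise RuntimeError("missing required settings: " + ", ".join(missing))
    return {name: env[name] for name in REQUIRED_SETTINGS}


# Constructed sample diff: one added line moves a password from the environment
# into a literal, one adds an AWS key, one correctly reads from the environment.
SAMPLE_DIFF = """\
diff --git a/app/settings.py b/app/settings.py
--- a/app/settings.py
+++ b/app/settings.py
@@ -1,3 +1,5 @@
 import os
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+DB_PASSWORD = "s3cr3t-pr0d-pass"
+AWS_ACCESS_KEY_ID = "AKIAABCDEFGHIJKLMNOP"
+SESSION_SECRET = os.environ["SESSION_SECRET"]
"""


if __name__ == "__main__":
    # As a git pre-commit hook you would pipe `git diff --cached -U0` into stdin;
    # with no stdin the constructed sample is scanned instead.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIFF
    hits = find_secrets_in_diff(text)
    for hit in hits:
        print(f"{hit['file']}: [{hit['rule']}] {hit['line']}")
    sys.exit(1 if hits else 0)
```

Run as a hook, a non-zero exit blocks the commit, which is the point: the check has to fail closed, just as `load_config` refuses to start without its settings rather than substituting a default. Treat the regexes as a first line of defence; a dedicated scanner with entropy checks and a history scan catches what a handful of patterns will not.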

Responsible Disclosure Policy

We follow a responsible disclosure policy:

  1. Initial Report: Vulnerability is reported privately
  2. Triage: We acknowledge receipt within 48 hours
  3. Investigation: We investigate and develop a fix (typically within 7-14 days)
  4. Patch: We release a security patch
  5. Disclosure: We publicly disclose the vulnerability after users have had time to update

Hall of Fame

We would like to thank the following security researchers for responsibly disclosing vulnerabilities:

  • [Your Name Here] - [Vulnerability Type]

Contact

For security-related questions that are not vulnerabilities, you can contact us at:

Thank you for helping keep the Lean Storytelling App and its users safe!

There aren’t any published security advisories