If you discover a security vulnerability in FastAPI Crons, please email [email protected] instead of using the issue tracker.
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will acknowledge receipt of your report within 48 hours and provide an estimated timeline for a fix.
| Version | Supported |
|---|---|
| 2.0.x | ✅ Yes |
| 1.x | |
| < 1.0 | ❌ No |
When using FastAPI Crons:
- Keep dependencies updated - Regularly update FastAPI, croniter, and other dependencies
- Use environment variables - Store sensitive configuration in environment variables, not in code
- Validate cron expressions - Always validate user-provided cron expressions
- Secure Redis connections - If using Redis for distributed locking, use authentication and encryption
- Monitor job execution - Regularly review job logs and execution history
- Limit job permissions - Run jobs with minimal required permissions
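
One way to apply the "validate cron expressions" item above, as an added example that is not FastAPI Crons' own code and does not use croniter. The names `validate_cron`, `FIELD_RANGES` and `MAX_LENGTH` are hypothetical, and the validator assumes a deliberately narrow allowlist: five numeric fields separated by single spaces, with no macros such as `@daily` and no month or weekday names.

```python
import re

# Hypothetical helper, not part of FastAPI Crons: allowlist validator for
# user-supplied 5-field cron expressions (minute hour day month weekday).
FIELD_RANGES = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 7)]
MAX_LENGTH = 100  # constructed limit; rejects oversized input before parsing

# One list element: '*', 'n' or 'a-b', optionally followed by '/step'.
# re.ASCII keeps \d from matching non-ASCII digits that int() would accept.
_ITEM = re.compile(r"(\*|\d{1,2}(?:-(\d{1,2}))?)(?:/(\d{1,2}))?", re.ASCII)


def _valid_item(item, low, high):
    """Return True if one comma-separated element fits the field's range."""
    match = _ITEM.fullmatch(item)
    if match is None:
        return False
    base, range_end, step = match.groups()
    if step is not None and int(step) == 0:
        return False  # a zero step never advances
    if base == "*":
        return True
    start = int(base.split("-")[0])
    end = int(range_end) if range_end is not None else start
    return low <= start <= end <= high


def validate_cron(expr):
    """Return True only for a numeric 5-field expression within field ranges."""
    if not isinstance(expr, str) or len(expr) > MAX_LENGTH:
        return False
    # Split on single spaces only, so tabs, newlines and doubled spaces fail.
    fields = expr.split(" ")
    if len(fields) != 5:
        return False
    return all(
        _valid_item(item, low, high)
        for field, (low, high) in zip(fields, FIELD_RANGES)
        for item in field.split(",")
    )
```

Call `validate_cron` on the raw user input before the expression reaches the scheduler, and reject the request when it returns `False` instead of trying to repair the input.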
Security updates will be released as soon as possible after a vulnerability is confirmed. We recommend:
- Subscribing to release notifications
- Regularly checking for updates
- Testing updates in a staging environment before production deployment