At AbacatePay, we take security seriously and are committed to protecting our users, partners, and the open-source community that relies on our libraries and SDKs.
This document describes how to responsibly report security vulnerabilities found in any AbacatePay open-source project.
If you discover a security vulnerability, please do not open a public issue.
Instead, report it through one of the following channels:
- Email: security@abacatepay.com
- GitHub Security Advisories (preferred, when available)
When reporting, include as much information as possible:
- A clear description of the vulnerability
- Steps to reproduce (if applicable)
- Potential impact
- Any known mitigations or suggestions
After you submit a report:
- We will acknowledge receipt within 48 business hours
- The issue will be reviewed and triaged
- A fix will be developed based on severity and impact
- We will coordinate a responsible disclosure after a fix is available
We kindly ask that you do not publicly disclose any vulnerability until we have had the opportunity to investigate and address it.
We strongly support and appreciate responsible disclosure practices.
Accidental exposure of API keys, tokens, or other sensitive credentials is considered a critical-severity issue.
If you believe credentials were leaked:
- Report the issue immediately via the channels above
- Avoid sharing the exposed data publicly
This security policy applies to all repositories and packages maintained under the AbacatePay organization, including all libraries and SDKs distributed through this monorepo.
We appreciate the efforts of security researchers and contributors who help keep the AbacatePay ecosystem secure.
Thank you for helping us improve the safety and reliability of our software.