We provide security updates for the following versions:
| Version | Supported |
|---|---|
| 1.x | ✅ |
If you discover a security vulnerability within this package, please send an email to security@litepie.com. All security vulnerabilities will be promptly addressed.
When reporting a vulnerability, please include:
- Description: A clear description of the vulnerability
- Impact: What an attacker could achieve
- Steps to Reproduce: Detailed steps to reproduce the issue
- Proof of Concept: Code or screenshots demonstrating the vulnerability
- Suggested Fix: If you have ideas for fixing the issue
We aim to respond on the following timeline:
- Initial Response: Within 24 hours
- Investigation: Within 48 hours
- Fix Development: Within 7 days for critical issues
- Release: As soon as possible after the fix is ready
We kindly ask that you:
- Do not publicly disclose the vulnerability until we have had a chance to address it
- Do not exploit the vulnerability beyond what is necessary to demonstrate it
- Do not access or modify data that does not belong to you
This package implements several security measures:
- Input Validation: All user inputs are validated and sanitized
- SQL Injection Protection: Uses Laravel's query builder and parameter binding
- Mass Assignment Protection: Follows Laravel's fillable/guarded patterns
- Authorization: Supports Laravel's authorization mechanisms
We are particularly interested in reports about:
- SQL Injection vulnerabilities
- Mass assignment vulnerabilities
- Authorization bypass issues
- Information disclosure
- Cross-site scripting (XSS) in generated content
When using this package:
- Validate Input: Always validate and sanitize user input
- Use Fillable: Define fillable attributes on your models
- Implement Authorization: Use Laravel's policies and gates
- Keep Updated: Regularly update the package to get security fixes
- Review Code: Review your repository implementations for security issues
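The following is an added illustration of the guidance above (validate input, define fillable attributes, authorize with policies, use bound parameters). It is not code from the Litepie Repository package; it is plain Laravel code that assumes a `posts` table with `title`, `body`, `user_id` and `is_published` columns and an existing `PostPolicy`. The `PostRepository` class here is a hypothetical stand-in, not the package's own base class, and in a real application each class below lives in its own file.

```php
<?php
// Added example, not part of the Litepie Repository package.
// Assumed schema: posts(id, title, body, user_id, is_published).
// Assumed: a PostPolicy with create()/update() methods is registered.

use Illuminate\Database\Eloquent\Collection;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Http\Request;
use Illuminate\Routing\Controller;
use Illuminate\Support\Facades\Gate;

// Mass assignment protection: only whitelisted attributes may come from a request body.
// user_id and is_published are deliberately NOT fillable, so a client cannot claim
// another owner or publish its own post by adding those keys to the payload.
class Post extends Model
{
    protected $fillable = ['title', 'body'];
}

// Input validation plus a policy check, both run before the controller action executes.
class StorePostRequest extends FormRequest
{
    public function authorize(): bool
    {
        // Gate/policy check: may this user create posts at all?
        return $this->user() !== null && $this->user()->can('create', Post::class);
    }

    public function rules(): array
    {
        return [
            'title' => ['required', 'string', 'max:200'],
            'body'  => ['required', 'string', 'max:20000'],
        ];
    }
}

// Hypothetical repository used for illustration only.
class PostRepository
{
    public function create(array $validated, int $ownerId): Post
    {
        // $validated contains only the keys declared in rules(); owner is set server-side.
        $post = new Post($validated);
        $post->user_id = $ownerId;
        $post->save();
        return $post;
    }

    // UNSAFE: user input interpolated into SQL text. A term such as
    //   ' OR 1=1 --
    // rewrites the WHERE clause instead of being matched as a string.
    public function searchUnsafe(string $term): Collection
    {
        return Post::whereRaw("title LIKE '%{$term}%'")->get();
    }

    // SAFE: the query builder sends $term as a bound parameter, so it can only ever be
    // compared as data. (LIKE wildcards inside $term still act as wildcards; that is a
    // matching concern, not an injection one.)
    public function search(string $term): Collection
    {
        return Post::where('title', 'like', '%' . $term . '%')->get();
    }
}

class PostController extends Controller
{
    public function __construct(private PostRepository $posts)
    {
    }

    public function store(StorePostRequest $request)
    {
        // Type-hinting the FormRequest means validation and authorize() already ran;
        // validated() strips any field not listed in rules().
        $post = $this->posts->create($request->validated(), $request->user()->id);
        return response()->json($post, 201);
    }

    public function update(Request $request, Post $post)
    {
        // Object-level authorization: PostPolicy::update() decides whether this user may
        // edit this specific post. Throws an AuthorizationException (HTTP 403) if denied.
        Gate::authorize('update', $post);

        $data = $request->validate([
            'title' => ['sometimes', 'string', 'max:200'],
            'body'  => ['sometimes', 'string', 'max:20000'],
        ]);

        $post->fill($data)->save(); // fill() still respects $fillable
        return response()->json($post);
    }
}
```

The two search methods make the SQL injection point concrete: `searchUnsafe` is what a raw string concatenation looks like and should be avoided, while `search` relies on the query builder's parameter binding. Note that `$fillable` alone does not replace authorization: it stops a client from setting `user_id`, but only the policy check in `update()` stops a client from editing someone else's post.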
Thank you for helping keep Litepie Repository secure!