| Version | Supported |
|---|---|
| 2.1.x | ✅ Yes |
| 2.0.x | ✅ Yes |
| < 2.0 | ❌ No |

If you discover a security vulnerability in Autonogrammer, please report it responsibly.
Do NOT open a public issue.
Instead, send an email to:

- Email: security@swcstudio.com
- Subject: [Security] Autonogrammer Vulnerability Report

Include the following in your report:

- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Impact assessment
- Proof of concept (if available)

We will respond within 48 hours with:

- Confirmation of receipt
- Estimated timeline for fix
- Status updates

- We follow responsible disclosure practices
- Security fixes will be prioritized
- Public disclosure after fix is released
- Credit will be given to reporters

- All dependencies are regularly audited
- Vulnerability scanning via Dependabot
- Automated security updates

- Never commit secrets to repository
- Use HashiCorp Vault for secret storage
- Rotate API keys regularly

- TLS 1.3 for all communications
- Network isolation for critical components
- Regular security audits
- Post-quantum cryptography support (Kyber-512)

- Static analysis (SAST) on all code
- Input validation at boundaries
- OWASP ASVS compliance
- Automated security testing