We release patches for security vulnerabilities. Which versions are eligible for patches depends on the Business Source License terms.
| Version | Supported |
|---|---|
| latest | ✅ |
| < 1.0 | ❌ |

DO NOT open public issues for security vulnerabilities.
To report a security vulnerability, please use ONE of the following:
- Email: admin@trakrf.id
- Contact Form: https://trakrf.id/contact (select "Security Issue")
- GitHub Security Advisories: Report a vulnerability (preferred)

Please provide:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if available)

Response timeline:
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 5 business days
- Resolution Timeline: Depends on severity
  - Critical: 7-14 days
  - High: 30 days
  - Medium/Low: 90 days

We follow coordinated disclosure:
- Reporter submits vulnerability
- We validate and develop fix
- We release patched version
- We publicly disclose after users have time to update (typically 30 days)

When deploying TrakRF Platform:
- Always use TLS for API endpoints
- Rotate JWT secrets regularly
- Use strong database passwords
- Keep dependencies updated
- Enable audit logging

We maintain a Security Hall of Fame for responsible disclosure.