We take security seriously and are committed to addressing security vulnerabilities in a timely manner. The following versions of Formap are currently being supported with security updates:
| Version | Supported |
|---|---|
| 0.2.x | ✅ |
| < 0.2.0 | ❌ |
If you discover a security vulnerability in Formap, we appreciate your help in disclosing it to us in a responsible manner. Please follow these steps to report a security issue:
- Do not open a public GitHub issue for security vulnerabilities.
- Email your findings to security@example.com. Please use a descriptive subject line.
- Include the following details in your report:
- A description of the vulnerability
- Steps to reproduce the issue
- The version of Formap you're using
- Any relevant error messages or logs
- Your contact information (optional)
We will acknowledge receipt of your report within 48 hours and provide a more detailed response within 7 days, indicating the next steps in handling your report.
Security updates will be released as patch versions (e.g., 1.0.0 → 1.0.1). We recommend always using the latest version of Formap to ensure you have all security fixes.
When using Formap, please follow these security best practices:
- Keep Dependencies Updated: Regularly update Formap and its dependencies to the latest versions.
- Use Environment Variables: Store sensitive information like API keys in environment variables, not in your code.
- Validate Input: Always validate and sanitize any input data before processing it with Formap.
- Limit Permissions: Run Formap with the minimum necessary permissions.
- Monitor Usage: Keep an eye on how Formap is being used in your applications and monitor for any unusual activity.
For security reasons, we will not publish detailed information about security vulnerabilities until a fix is available. Once a fix is released, we will publish a security advisory with details about the vulnerability and the steps taken to address it.
We would like to thank all security researchers and community members who report security vulnerabilities to us. Your efforts help make Formap more secure for everyone.