The following versions of SyncUp are currently supported with security updates:
| Version | Supported |
|---|---|
| v1.0.0 | ✅ |
| v1.0.2 | ❌ |
If you discover a security vulnerability in SyncUp, we encourage you to help us improve the project by following the steps below:
- Please do not publicly disclose the vulnerability until we have had a chance to address it.
- Send an email to [email protected] with the details of the vulnerability. Include:
- A clear description of the issue
- Steps to reproduce the vulnerability
- Any relevant screenshots or code snippets
- We will respond to your report as soon as possible to discuss the next steps.
While contributing or using SyncUp, we encourage following these security best practices:
- Do not expose sensitive information (like API keys, JWT secrets) in your code or commits.
- Always use environment variables for sensitive data.
- Use strong passwords for all user accounts and ensure data is transmitted securely (e.g., via HTTPS).
Your help in identifying and responsibly disclosing vulnerabilities is greatly appreciated!