If you discover a security vulnerability in opendocs, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, please email security@opendocs.dev with:
- A description of the vulnerability
- Steps to reproduce the issue
- The potential impact
- Any suggested fixes (optional)

We will acknowledge your report within 48 hours and aim to provide a fix within 7 days for critical issues.

| Version | Supported |
|---|---|
| 0.1.x | Yes |

The following are in scope for security reports:
- Authentication and authorization bypasses
- SQL injection, XSS, or other injection vulnerabilities
- Data exposure or leakage
- Server-side request forgery (SSRF)
- Insecure default configurations

We follow coordinated disclosure. Once a fix is released, we will credit the reporter (unless they prefer to remain anonymous) and publish a security advisory.