The security of our users is a top priority. This document explains how to responsibly report security vulnerabilities and how we handle them.

This security policy applies to all FireHub repositories, including:

• Core framework (Standard, Professional, Enterprise)
• Adapters (HTTP, Console, etc.)
• Capability modules (firehub-*-capability)
• Adapter-specific modules (firehub-*-module)
• Meta-repositories, templates, and infrastructure tools

FireHub frameworks, adapters, capabilities, and modules follow a clear support lifecycle.
Check the detailed supported versions, timelines, and maintenance policy here:

View Supported Versions

This document includes support for Core Standard, Professional, Enterprise, as well as all adapters, capabilities, and modules.
Keep it handy to ensure your projects run on supported releases.

Please report any suspected security vulnerability privately via email:

Email: danijel.galic@outlook.com

Guidelines:

1. Include a descriptive title of the vulnerability.
2. Provide a detailed description and any reproduction steps.
3. Include version numbers, platform, and any relevant logs or code snippets.
4. Do not disclose the issue publicly until a patch is released.

We aim to respond to all security reports within 48 hours.

1. Acknowledgment: You will receive a confirmation email within 48 hours.
2. Assessment: We verify the vulnerability and determine the severity.
3. Patch: Critical vulnerabilities are patched as quickly as possible.
4. Disclosure: Once fixed, we coordinate responsible disclosure with the reporter.

We appreciate your help in keeping FireHub safe.

• Always use the latest stable release.
• Keep your environment updated.
• Follow our Documentation for secure usage guidelines.