| Version | Supported |
|---|---|
| 2.0.x | β |
| 1.x.x | β |
CarCare Pro implements several security measures:
- BCrypt Password Hashing - Industry-standard password hashing with salt
- Role-based Access Control - Admin, Manager, and Employee roles
- Session Management - Secure session handling
- HikariCP Connection Pool - Secure database connection management
- Prepared Statements - Prevention of SQL injection attacks
- Input Validation - Comprehensive input sanitization
- No hardcoded credentials in source code
- Configuration externalized to `config.properties`
- Sensitive data excluded from version control
We take security seriously. If you discover a security vulnerability, please follow these steps:
- ❌ Do not open a public GitHub issue
- ❌ Do not discuss it in public channels
- ❌ Do not exploit the vulnerability
- Email us directly at security@example.com
- Include details:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
| Timeline | Action |
|---|---|
| 24 hours | Acknowledgment of your report |
| 48 hours | Initial assessment |
| 7 days | Status update and timeline |
| 30 days | Resolution target (varies by severity) |
| Level | Description | Response Time |
|---|---|---|
| 🔴 Critical | System compromise, data breach | Immediate |
| 🟠 High | Authentication bypass, injection | 24-48 hours |
| 🟡 Medium | Limited data exposure | 1 week |
| 🟢 Low | Minor issues | 2-4 weeks |
We appreciate security researchers who help keep CarCare Pro secure:
- Your name in our security acknowledgments (if desired)
- Credit in release notes for fixes
- Our sincere gratitude!
When contributing code, please ensure:
- No hardcoded credentials or secrets
- Use parameterized queries for database operations
- Validate and sanitize all user inputs
- Follow the principle of least privilege
- Keep dependencies up to date
- Use secure communication (HTTPS/TLS)
- Handle errors without exposing sensitive information
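The checklist above, put together in one login path, as an added example that is not CarCare Pro's own code. It assumes the jBCrypt (`org.mindrot.jbcrypt`) and HikariCP libraries on the classpath, a `config.properties` with `db.url`, `db.user` and `db.password` keys, and a `users` table with `username` and `password_hash` columns; the class and method names are illustrative.

```java
// Added example, not CarCare Pro's code. Assumed: jBCrypt and HikariCP on the classpath,
// config.properties with db.url/db.user/db.password, and a users(username, password_hash) table.
import com.zaxxer.hikari.HikariConfig;
import com.zaxxer.hikari.HikariDataSource;
import org.mindrot.jbcrypt.BCrypt;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.sql.*;
import java.util.Properties;

public final class LoginService {
    private final HikariDataSource pool;

    // DB credentials are read from config.properties (excluded from version control), never hardcoded.
    public LoginService(String configPath) throws IOException {
        Properties props = new Properties();
        try (InputStream in = new FileInputStream(configPath)) {
            props.load(in);
        }
        HikariConfig cfg = new HikariConfig();
        cfg.setJdbcUrl(props.getProperty("db.url"));
        cfg.setUsername(props.getProperty("db.user")); // least privilege: an account scoped to this app's tables
        cfg.setPassword(props.getProperty("db.password"));
        cfg.setMaximumPoolSize(10);
        this.pool = new HikariDataSource(cfg);
    }

    // For storage: BCrypt generates a per-password salt and embeds it in the hash; cost 12 is a reasonable default.
    public static String hashPassword(String plaintext) {
        return BCrypt.hashpw(plaintext, BCrypt.gensalt(12));
    }

    // The username is bound as a parameter, so quotes or comment markers in the input are
    // compared literally instead of changing the query. True only if the user exists and the hash verifies.
    public boolean authenticate(String username, String plaintext) {
        String sql = "SELECT password_hash FROM users WHERE username = ?";
        try (Connection c = pool.getConnection();
             PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() && BCrypt.checkpw(plaintext, rs.getString("password_hash"));
            }
        } catch (SQLException e) {
            // Log internally; the caller sees only a failed login, not driver or schema details.
            System.err.println("login lookup failed, SQLSTATE " + e.getSQLState());
            return false;
        }
    }
}
```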
Thank you for helping keep CarCare Pro and its users safe! 🙏