| Version | Supported |
|---|---|
| 0.1.x | ✅ |

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.
Option 1: GitHub Security Advisory (Preferred)
- Go to the Security Advisories page
- Click "New draft security advisory"
- Fill in the details of the vulnerability
Option 2: Email
Send details to: security@openpasture.dev
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Resolution Target: Within 30 days for critical issues
- We follow coordinated disclosure practices
- We will work with you to understand and resolve the issue
- We will credit reporters in the security advisory (unless you prefer anonymity)
- Please allow us reasonable time to address the issue before public disclosure
This policy applies to:
- The OpenPasture web application (`app/`)
- Convex backend functions (`app/convex/`)
- Documentation and configuration files
The following are out of scope:
- Third-party services (Clerk, Convex infrastructure, satellite data providers)
- Issues in dependencies (please report to the upstream project)
- Social engineering attacks
- Physical security
When contributing, please:
- Never commit API keys, secrets, or credentials
- Use environment variables for sensitive configuration
- Validate and sanitize user inputs
- Follow the principle of least privilege
Thank you for helping keep OpenPasture secure.