We actively support the following versions of MoneyMagic:
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
| < 0.1.0 | ❌ |
Please do not report security vulnerabilities through public GitHub issues.
If you discover a security vulnerability, please report it via one of the following methods:
- GitHub Security Advisory: Create a security advisory
- Email: Contact the maintainer at info@fezz.it
Please include as much of the following information as possible:
- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue
This information will help us triage your report more quickly.
When using MoneyMagic in your application:
- Keep dependencies updated: Regularly run `composer update` to ensure you're using the latest secure versions
- Run security audits: Use `composer audit` to check for known vulnerabilities in dependencies
- Don't store secrets: This package doesn't handle secrets, but ensure you never store sensitive data in money fields
- Validate input: Always validate and sanitize user input before storing monetary values
- Use HTTPS: Always use HTTPS in production to protect data in transit
This security policy applies to:
- Vulnerabilities in MoneyMagic package code
- Vulnerabilities in MoneyMagic dependencies
- Security issues related to how MoneyMagic handles monetary data
We aim to:
- Acknowledge receipt of your vulnerability report within 48 hours
- Provide an initial assessment within 7 days
- Keep you informed of our progress throughout the resolution process
Thank you for helping keep MoneyMagic and its users safe!