| Version | Supported |
|---|---|
| 8.1.x | ✅ |
| < 8.0 | ❌ |
If you discover a security vulnerability in this project, please follow these steps:
- Do not open a public issue
- Email the maintainer directly or use GitHub Security Advisories
- Include detailed information about the vulnerability:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will respond to security reports within 48 hours and will work to address valid vulnerabilities promptly.
This project implements the following security measures:
- Brakeman: Rails security scanner runs on every commit
- Bundler Audit: Dependency vulnerability checks
- GitHub Dependabot: Automated dependency updates
- Weekly Scans: Scheduled security scans every Monday
- RuboCop: Code quality and style enforcement
- Automated Testing: Full test suite on every PR
- Code Review: All changes reviewed before merging
- Regular gem updates
- Security patches applied promptly
- Minimal dependency footprint
- Version pinning where appropriate
When contributing to this project:
- Keep dependencies up to date
- Run security scans locally before committing:
bundle exec brakeman --no-pager bundle exec bundler-audit check --update
- Follow Rails security guidelines
- Never commit secrets or credentials
- Use strong parameters in controllers
- Validate and sanitize all user input
- Use prepared statements for database queries
This is a demo/learning application and should not be used in production without:
- Proper authentication and authorization
- HTTPS/TLS configuration
- Environment-specific secrets management
- Rate limiting and DDoS protection
- Regular security audits
- Production-grade database (not SQLite)
- Proper logging and monitoring