Security: coderooz/My_simple_functions

Security Policy

Supported Versions

The following versions of the project are currently being supported with security updates.

Version Supported
0.0.x

Reporting a Vulnerability

We take the security of this project seriously. If you discover a security vulnerability, please follow the responsible disclosure process below.

How to Report

DO NOT open a public GitHub issue for security vulnerabilities.

Instead, please report security vulnerabilities through one of these methods:

  1. Email: contact@coderooz.in
  2. Contact Form: CodeRooz Contact

Please include the following information in your report:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Any suggested fixes (if you have them)

What to Expect

  • Acknowledgment: You will receive an acknowledgment of your report within 48 hours
  • Initial Assessment: We will provide an initial assessment within 7 days
  • Updates: We will keep you informed of our progress throughout the process
  • Resolution: We aim to resolve critical vulnerabilities within 30 days

Security Best Practices for Users

When using this package:

  1. Keep Updated: Always use the latest version of the package
  2. Review Dependencies: Regularly review and update your project dependencies
  3. Input Validation: Always validate and sanitize user inputs before passing them to any functions
  4. Secure Credentials: Never hardcode sensitive information like API keys, passwords, or database credentials
  5. Database Security: When using DbHandler, ensure your database files have appropriate file permissions

Security Measures in This Project

  • Input validation on all public methods
  • Parameterized SQL queries to prevent SQL injection
  • Secure file handling practices
  • Regular dependency updates via Dependabot
  • Automated security scanning in CI/CD pipelines

Bug Bounty

Currently, this project does not offer a bug bounty program. However, we greatly appreciate responsible disclosure and will credit reporters in our security advisories (unless they prefer to remain anonymous).


Author: Ranit Saha
Website: https://coderooz.in

There aren't any published security advisories