Security: myastroboard/.github

SECURITY.md

Security Policy

This policy applies across the MyAstroBoard organization and all of its repositories. We take the security of the project and of the people who self-host it seriously, and we appreciate responsible disclosure.

Reporting a vulnerability

Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Instead, report privately using GitHub's private vulnerability reporting:

  1. Go to the affected repository's Security tab.
  2. Click Report a vulnerability.
  3. Fill in the details.

This keeps the report confidential while we investigate. If private reporting is unavailable on a given repository, contact a maintainer privately rather than disclosing the issue publicly.

What to include

To help us assess and fix the issue quickly, please provide as much as you can:

  • A description of the vulnerability and its potential impact
  • The affected project and version (release tag or commit)
  • Step-by-step instructions to reproduce it
  • Any relevant configuration, logs, or proof-of-concept
  • Whether the issue is already publicly known

What to expect

  • We will acknowledge your report within a few days.
  • We will keep you updated on our assessment and progress.
  • We will work on a fix and coordinate a disclosure timeline with you.
  • With your permission, we're happy to credit you once the issue is resolved.

We ask that you give us a reasonable amount of time to address the issue before any public disclosure.

Supported versions

Security fixes are applied to the latest released version of each project. We strongly recommend keeping your deployment up to date with the most recent release. Older versions are not maintained.

Scope and self-hosting

MyAstroBoard projects are typically self-hosted. While we work to keep the software itself secure, the security of a deployment also depends on how it is operated — keep your instance updated, restrict network exposure as appropriate, and follow the deployment guidance in each repository's documentation.

Safe harbor

We support good-faith security research. If you make a genuine effort to follow this policy when reporting an issue, we will not pursue or support action against you for that research.

Thank you for helping keep MyAstroBoard and its community safe. 🌌

There aren't any published security advisories