| Version | Supported |
|---|---|
| Latest | ✅ Yes |
If you believe you have found a security vulnerability in VidBuddy, please do not open a public GitHub issue.
Instead, please report it via a GitHub Security Advisory on this repository so it can be addressed confidentially.
Please include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested mitigations if known
You should receive a response within 72 hours. We will keep you informed as we work to resolve the issue.
VITE_*environment variables are bundled into the client-side JavaScript at build time. Never expose production API keys this way. Use a secure token-exchange backend proxy for production deployments.- Rotate your Azure Blob SAS token regularly. Use the shortest expiry window that works for your workflow.
- Restrict your SAS token permissions to only what the app requires (
GET,PUT,DELETEon the specific container).