We currently provide security updates for the following versions:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

If you discover a security vulnerability, please do not report it in a public GitHub Issue.
Please report it through:
- GitHub Security Advisories - Use GitHub's security advisories feature
- Email - Send detailed information to the project maintainers

When reporting, please include:
- Vulnerability type (e.g., XSS, SQL injection, CSRF, etc.)
- Steps to reproduce
- Impact scope
- Possible fix suggestions

We commit to:
- Acknowledging receipt within 48 hours
- Providing an initial assessment within 7 days
- Publishing security advisories promptly after fixes are released

When deploying LambChat, please ensure:
- Environment Variables - Do not hardcode sensitive information in code
- HTTPS - Production environments must use HTTPS
- Database - Use strong passwords and restrict access
- JWT Secret - Use a sufficiently strong random key
- Regular Updates - Keep dependencies up to date

Thank you to all contributors who report security issues!