We currently provide security updates for the following versions:

| Version | Supported |
|---|---|
| 1.x.x | ✅ |

We take the security of our software seriously. If you believe you've found a security vulnerability, please follow these steps:
- Do not disclose the vulnerability publicly until it has been addressed by our team.
- Email your findings to [email protected] with the subject line "Flarekit Security Vulnerability".
- Include as much information as possible about the vulnerability, including:
  - Steps to reproduce
  - Potential impact
  - Suggested fixes (if any)
We will acknowledge receipt of your vulnerability report within 48 hours and provide a more detailed response within 7 days indicating the next steps in handling your report.
- All API endpoints are protected with appropriate authentication mechanisms
- Role-based access control (RBAC) is implemented for sensitive operations
- API keys and tokens are never stored in plain text
- All data in transit is encrypted using TLS/SSL
- Sensitive data is encrypted at rest
- Regular security audits of database access patterns
- Implementation of proper input validation and sanitization
- Cloudflare Workers provide built-in DDoS protection
- Regular security updates for all dependencies
- Automated vulnerability scanning of dependencies
- Implementation of proper CORS policies
- All code changes require security review
- Automated security testing in CI/CD pipeline
- Regular dependency updates to patch known vulnerabilities
- Implementation of secure coding practices
- Sensitive configuration is managed through environment variables
- `.dev.vars` file is included in `.gitignore`
- Production secrets are managed through Cloudflare's secret management
- API Keys and Tokens
  - Never commit API keys or tokens to version control
  - Rotate API keys and tokens regularly
  - Use the minimum required permissions for API keys
- Database Security
  - Use strong, unique passwords for database access
  - Regularly backup your database
  - Monitor database access logs
- Application Security
  - Keep your dependencies up to date
  - Implement proper input validation
  - Use HTTPS for all communications
  - Follow the principle of least privilege
- Deployment Security
  - Use separate environments for development and production
  - Implement proper access controls for deployment
  - Monitor application logs for suspicious activity
We regularly release security updates to address vulnerabilities. To ensure you're protected:
- Keep your Flarekit installation up to date
- Subscribe to security announcements
- Regularly review the changelog for security-related updates
For security-related concerns, please contact:
- Email: [email protected]
- Security Team: [email protected]
We appreciate the security research community's efforts in helping us maintain a secure codebase. We will acknowledge significant contributions in our security advisories.