Skip to content
This repository has been archived by the owner on Aug 20, 2024. It is now read-only.

Security: NotHGM/UniPlateTracker

Security

docs/SECURITY.md

Security Policy

Supported Versions

This section lists which versions of the License Plate Dashboard project are currently being supported with security updates.

Version Supported
1.0.0 (Next Version)
0.9.9 (Current Version)
0.9.5

Reporting a Vulnerability

We take the security of the License Plate Dashboard project seriously. If you have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

Please follow these steps to report a vulnerability:

  1. Do Not Publicly Disclose - Publicly disclosing a vulnerability can put the entire community at risk. If you've found a security issue, please refrain from sharing it publicly until a fix is in place.

  2. Email Your Findings - Send an email to george@hgmartist.net with a detailed description of the vulnerability. Include steps to reproduce the vulnerability, and any proof of concept if available.

  3. Response Time - We aim to respond to your report within 48 hours, acknowledging receipt. We'll provide a timeline for a fix and release a security update if necessary.

  4. Disclosure - Once the vulnerability has been resolved, a public announcement will be made. We encourage the security researcher to be a part of the announcement.

  5. Recognition - We value those who take the time to responsibly disclose security vulnerabilities. We would like to recognize your efforts in the project's release notes, unless you prefer to remain anonymous.

Out of Scope

The following issues are considered out of scope for security reporting:

  • Descriptive error messages (e.g., Stack Traces, application or server errors).
  • HTTP 404 codes/pages or other HTTP non-200 codes/pages.
  • Banner disclosure on common/public services.
  • Disclosure of known public files or directories (e.g., robots.txt).

Security Measures

  • Data Protection: Ensure that your instance of the License Plate Dashboard project is running in a secure network environment. Sensitive data, such as database credentials and API keys, should be kept confidential.

  • Update Regularly: Always use the latest version of the project and its dependencies to benefit from the latest security patches.

  • Secure Configuration: Follow best practices for configuring servers, databases, and other components to enhance security.

Thank you for helping keep the License Plate Dashboard project and its users safe.

There aren’t any published security advisories