| Version | Supported |
|---|---|
| 0.1.x | ✅ |

We take security seriously at LibreDiary. If you discover a security vulnerability, please report it responsibly.
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please send an email to security@akaalcreatives.com with:
- Description - A clear description of the vulnerability
- Impact - The potential impact of the vulnerability
- Steps to Reproduce - Detailed steps to reproduce the issue
- Affected Versions - Which versions are affected
- Suggested Fix - If you have a suggested fix, please include it
After you submit a report, you can expect:
- Acknowledgment - We will acknowledge receipt of your report within 48 hours
- Assessment - We will assess the vulnerability and determine its severity
- Updates - We will keep you informed of our progress
- Resolution - We aim to resolve critical vulnerabilities promptly
- Credit - With your permission, we will credit you in our security advisories
The following are in scope for security reports:
- LibreDiary web application
- LibreDiary server/API
- Authentication and authorization issues
- Data exposure or leakage
- Injection vulnerabilities
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
The following are out of scope:
- Issues in third-party dependencies (please report these to the respective maintainers)
- Social engineering attacks
- Physical attacks
- Issues requiring unlikely user interaction
When self-hosting LibreDiary:
- Keep your installation up to date
- Use HTTPS in production
- Configure proper firewall rules
- Regularly back up your data
- Use strong, unique passwords
- Review and restrict API access
Security updates will be released as patch versions. We recommend enabling automatic updates or regularly checking for new releases.
Thank you for helping keep LibreDiary and its users safe!