Skip to content

Security: TheStoicSpirit/Whatsapp-Wishing-Bot

SECURITY.md

Security Policy

Supported Versions

The following versions of Whatsapp-Wishing-Bot are actively supported with security updates:

Version Supported
1.1.x ✔️
any older than 1.1 ❌ (no longer supported)

Note: Version 1.1 introduced LID support and the enhanced whitelist security mode (see CHANGELOG). If you are running an older version, you are strongly encouraged to upgrade.

Reporting a Vulnerability

If you find a vulnerability (bug, security hole, data leak, or unintended behavior), please report it via a private security advisory on GitHub:
https://github.com/TheStoicSpirit/Whatsapp-Wishing-Bot/security/advisories

What to include in your report

  • A clear description of the issue.
  • Steps to reproduce, if possible.
  • Potential impact (data exposure, unauthorized access, any scenario of misuse).
  • Environment info: Node.js version, .env configuration (especially REQUIRE_WHITELIST and any other security-relevant settings).

What to expect

  • Initial acknowledgement within 48 hours.
  • An update once the issue is reviewed (accepted or rejected).
  • If accepted, a fix or mitigation will be provided — you will be informed until resolution.
  • If rejected, a succinct explanation will be given.

Thank you for helping keep Whatsapp-Wishing-Bot safe and reliable for everyone.

There aren't any published security advisories