This project is maintained for current coursework use. Security fixes are applied to the latest version on the main branch.
Please do not report security vulnerabilities in public GitHub issues.
Instead, report privately by contacting the repository owner and include:
- A clear description of the issue
- Steps to reproduce
- Potential impact
- Suggested fix (if known)
- Initial acknowledgement: within 7 days
- Triage and severity assessment: as soon as possible
- Fix timeline: depends on issue complexity and coursework schedule
Typical in-scope issues include:
- Authentication/authorization bypass
- SQL injection / command injection
- Sensitive data exposure
- Insecure file upload handling
- CSRF/XSS vulnerabilities
Out of scope:
- Denial-of-service style load testing
- Social engineering / phishing
- Vulnerabilities requiring physical/local machine access
Please allow time for remediation before any public disclosure. Responsible disclosure is appreciated.