We take security seriously. The following versions of Dev HQ are currently supported with security updates:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

If you discover a security vulnerability in Dev HQ, please help us by reporting it responsibly.
Please DO NOT report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities by emailing: dev-hq@example.com
When reporting a vulnerability, please include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact and severity
- Any suggested fixes or mitigations
- Your contact information for follow-up

Once we receive your report, the process is:
- Acknowledgment: We'll acknowledge receipt within 24 hours
- Investigation: We'll investigate the report and determine impact
- Fix Development: We'll develop and test a fix
- Disclosure: We'll coordinate disclosure with you
- Release: We'll release the fix and security advisory
Security updates will be released as patch versions (1.0.x) and will be clearly marked in the changelog with a 🔒 emoji.
We appreciate security researchers who help keep Dev HQ safe. With your permission, we'll acknowledge your contribution in our security advisory.
When using Dev HQ, consider these security best practices:
- Keep Bun updated to the latest version
- Use HTTPS/TLS in production deployments
- Regularly audit your feature flag configurations
- Monitor logs for unusual activity
- Use the built-in security scanners
For security-related questions or concerns, contact us at dev-hq@example.com.