We release patches for security vulnerabilities for the latest version only. Users should always run the latest version for security updates.
If you discover a security vulnerability within Serviti, please send an email to security@serviti.app. All security vulnerabilities will be promptly addressed.
Please do not publicly disclose the vulnerability until we have had a chance to address it.
This project follows several security best practices:
- No hardcoded secrets: All sensitive information should be stored in environment variables
- Dependency management: Regular updates and security scans of dependencies
- Authentication: Secure user authentication using industry-standard libraries
- Data protection: All sensitive data is stored server-side, never in client-side code
- Secure communications: All data transmission uses HTTPS encryption
Never commit environment variables containing secrets to the repository. The following files are ignored by git:
.env.local.env.development.local.env.test.local.env.production.local
All code changes are reviewed for security implications before merging. Particular attention is paid to:
- Input validation and sanitization
- Authentication and authorization checks
- Data handling and storage practices
- Dependency updates
For production deployments, ensure:
- All environment variables are properly configured
- HTTPS is enabled
- Regular backups are performed
- Access logs are monitored
- Dependencies are kept up to date