The following versions of FBA-Bench are actively supported with security updates:
mainbranch (development HEAD)- Latest stable release (e.g., vX.Y.Z) - Specify latest release tag if applicable
Older versions are not supported and may have unpatched vulnerabilities.
If you discover a security vulnerability in FBA-Bench, please report it to us as soon as possible so that we can address it. We ask that you use the contact information provided below.
Contact: Email: security@fba-bench.com
Please include as much of the following information as possible:
- The affected version of the project.
- A detailed description of the vulnerability.
- Steps to reproduce the vulnerability.
- Any code or configuration that demonstrates the vulnerability.
- Your contact information, so we can follow up with you.
We will acknowledge your report within 48 hours and will keep you updated on the progress of the vulnerability.
To ensure the security of your FBA-Bench deployment, please follow these best practices:
- Never commit sensitive information (API keys, database credentials, secrets) directly into the codebase.
- Use environment variables to configure your application. Avoid hardcoding sensitive values.
- Ensure that environment variables are securely managed, especially in production environments. Use dedicated secret management tools where appropriate.
SECRET_KEY: Always change this default value to a strong, unique secret in production.- Database URLs and API keys should follow best practices for secure storage.
- Regularly update your project dependencies to patch known vulnerabilities.
- Scrutinize third-party libraries before integrating them into your project.
- Implement appropriate access controls for your deployment.
- Limit user privileges based on the principle of least privilege.
Refer to the CONTRIBUTING.md for information on development environment setup and coding standards.