This is a portfolio/educational project. Security updates are provided on a best-effort basis.

| Version | Supported |
|---|---|
| Latest | ✅ |

If you discover a security vulnerability, please do not open a public issue. Instead, please send an email to the repository maintainer with the following information:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

We will respond to security reports within 48 hours and work with you to address the issue.

When using this project:
- Never commit secrets - Use environment variables or secret management
- Change default passwords - Update all default credentials in docker-compose.yml
- Use strong JWT secrets - Generate cryptographically secure secrets
- Enable HTTPS - Use TLS/SSL in production
- Implement rate limiting - Add rate limiting before production use
- Regular updates - Keep dependencies updated
- Security scanning - Run security scans on dependencies

This project is designed for educational/portfolio purposes. Before production use, please:
- Implement rate limiting
- Add input sanitization
- Configure proper CORS
- Use environment variables for all secrets
- Enable HTTPS/TLS
- Implement proper logging and monitoring
- Add security headers
- Conduct a security audit

This software is provided "as is" without warranty. Use at your own risk.