If you discover a security vulnerability in Project Zap, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, please email the maintainer directly or use GitHub's private vulnerability reporting feature:
- Go to the Security tab
- Click "Report a vulnerability"
- Provide details about the vulnerability
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Resolution timeline: Depends on severity and complexity
| Version | Supported |
|---|---|
| Latest | ✅ |
When using this starter template:
- Never commit secrets - Use environment variables for API keys and credentials
- Keep dependencies updated - Regularly run
bun updateto patch vulnerabilities - Review WorkOS configuration - Ensure proper redirect URIs and CORS settings
- Use Convex's built-in auth - Always validate user identity in Convex functions using
ctx.auth.getUserIdentity()