If you discover a security vulnerability, please do not create a public issue. Instead, report it privately to our security team:
- Email: t@doorbase.io
- PGP Key: (optional, for encrypted reports)
We will acknowledge your report within 3 business days and work with you to resolve the issue promptly.
- We follow a coordinated disclosure process.
- You will receive updates on the status of your report.
- We aim to provide a fix within 30 days of confirmation.
- You will be credited in the release notes unless you request otherwise.
- Security fixes will be announced in the release notes and on our GitHub Releases page.
- Please ensure you are running the latest supported version.