This document outlines how to report security vulnerabilities and the project’s response procedures.
We provide security updates for the following branches and releases:
- master (latest release)
Please report security issues privately via Discord to our admins rather than in a public issue or channel.
Include the following information:
- Detailed description of the vulnerability and its potential impact
- Steps to reproduce the issue
- Proof-of-Concept (PoC) code or logs, if available
- A contact email or other means for follow-up
Once a report is received, we follow this process:
- Acknowledgment: we will confirm receipt within 48 hours.
- Initial assessment and prioritization: we will evaluate severity and provide a response timeline within 72 hours.
- Patch development: we aim to deliver a patch or mitigation within 7 days.
- Public disclosure: after the fix is released, we will publish an advisory and request a CVE identifier where appropriate.
Handling of secrets:
- Store all secrets (Discord bot tokens, Notion API tokens, etc.) in environment variables, never in the repository.
- Do not hard-code credentials in code, configuration files committed to the repository, or documentation.
- If a secret is compromised, revoke it and issue a new token immediately (in the Discord developer portal or Notion integration settings), then notify the project team.
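As an added illustration of the rules above (example code, not part of this project), the snippet below loads the tokens from the environment instead of from source, fails fast when one is missing without echoing any value, and installs a logging filter so a token never lands in log output or bug reports. The variable names DISCORD_BOT_TOKEN and NOTION_API_TOKEN, and the use of Python, are assumptions; the project's own names may differ.

```python
import logging
import os
from typing import Dict, Iterable, Mapping, Optional

# Assumed variable names for this example; substitute the project's own.
REQUIRED_SECRETS = ("DISCORD_BOT_TOKEN", "NOTION_API_TOKEN")
PLACEHOLDER = "[REDACTED]"


def load_secrets(env: Optional[Mapping[str, str]] = None) -> Dict[str, str]:
    """Read every required secret from the environment.

    Fails fast if any variable is unset or empty. The error message names
    only the missing variables, never a value, so it is safe to surface in
    a crash report.
    """
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED_SECRETS if not env.get(name)]
    if missing:
        raise RuntimeError("missing required secrets: " + ", ".join(missing))
    return {name: env[name] for name in REQUIRED_SECRETS}


def redact(text: str, secrets: Iterable[str]) -> str:
    """Replace every occurrence of a secret value in text with PLACEHOLDER."""
    for value in secrets:
        if value:  # an empty secret would match everywhere
            text = text.replace(value, PLACEHOLDER)
    return text


class RedactingFilter(logging.Filter):
    """Logging filter that scrubs known secret values from each record.

    Both the format string and any string arguments are scrubbed, so a
    careless `log.info("auth: %s", token)` still cannot leak the token.
    """

    def __init__(self, secrets: Iterable[str]) -> None:
        super().__init__()
        self._secrets = [s for s in secrets if s]

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(str(record.msg), self._secrets)
        if isinstance(record.args, tuple):
            record.args = tuple(
                redact(a, self._secrets) if isinstance(a, str) else a
                for a in record.args
            )
        return True  # always emit; we only rewrite, never drop


def install_redaction(secrets: Mapping[str, str]) -> logging.Logger:
    """Attach the redacting filter to the root logger and return it."""
    root = logging.getLogger()
    root.addFilter(RedactingFilter(secrets.values()))
    return root


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    tokens = load_secrets()           # raises if a variable is not exported
    log = install_redaction(tokens)
    # Even a mistaken log call does not expose the token value.
    log.info("starting bot with token %s", tokens["DISCORD_BOT_TOKEN"])
```

Export the tokens in the shell or a non-committed .env file loaded by your process manager; the script itself never contains a token, and `git grep -n "Bearer\|token"` over the repository should turn up only variable names.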