Security: VoxDroid/Chess-Ultimate

SECURITY.md

Security Policy

Supported Versions

The following versions of Chess Ultimate are currently supported with security updates:

Version Supported
1.0.0
Future ✅ (Latest release)

We recommend using the latest version from the repository to ensure you have the most recent security fixes and improvements.

Reporting a Vulnerability

If you discover a security vulnerability in Chess Ultimate, we appreciate your help in disclosing it responsibly. Please follow these steps:

  1. Do Not Disclose Publicly: Avoid sharing details of the vulnerability in public forums, such as GitHub issues, social media, or other platforms, until it has been addressed.
  2. Contact the Maintainer Privately:
    • Create a private issue or discussion on the GitHub repository.
    • Include a detailed description of the vulnerability, steps to reproduce, and potential impact.
  3. Response Time:
    • You can expect an initial response within 48 hours.
    • We will work with you to validate and address the issue promptly.
  4. Disclosure:
    • Once the vulnerability is fixed, we will coordinate with you on public disclosure, if appropriate.
    • Credit will be given for your discovery in release notes, unless you prefer anonymity.

Security Best Practices

To keep your use of Chess Ultimate secure:

  • Use Trusted Sources: Download or clone the application only from the official GitHub repository.
  • Update Assets: Ensure CDN-loaded assets (e.g., Bootstrap, Font Awesome, particles.js) are from reputable sources. Consider hosting them locally for added security.
  • Input Validation: The game operates client-side with no server-side input, but avoid running it in untrusted environments to prevent XSS risks.
  • Local Storage: Settings are stored in the browser’s local storage, which could be accessed by malicious scripts in an untrusted context. Clear local storage if needed.
  • HTTPS: If hosting online, serve the application over HTTPS to protect data in transit.
  • Browser Security: Use a modern browser with up-to-date security patches.

Known Dependencies

Chess Ultimate relies on the following third-party assets, which may have their own security policies:

  • Bootstrap 5.3.0: Loaded via CDN for UI components.
  • Font Awesome 6.4.0: Loaded via CDN for icons.
  • Google Fonts (Poppins): Loaded via CDN for typography.
  • particles.js 2.0.0: Loaded via CDN for background effects.

Check the respective project pages for their security advisories and ensure you’re using the versions specified in index.html.
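The version check recommended above can be scripted. This is an added example, not part of the project's own code: it scans an index.html for CDN-loaded assets and reports any whose version differs from the Known Dependencies list, that are fetched over plain HTTP, or that lack an `integrity` (Subresource Integrity) attribute. The sample HTML, the `cdn.example` host, the placeholder hash and the function name `auditAssets` are assumptions made for illustration.

```javascript
// Added example; EXPECTED mirrors the versions listed under "Known Dependencies".
const EXPECTED = {
  bootstrap: "5.3.0",
  "font-awesome": "6.4.0",
  "particles.js": "2.0.0",
  "fonts.googleapis.com": null, // Google Fonts (Poppins): no version listed
};

// Constructed sample input, not the project's real index.html.
const SAMPLE_HTML = `
<link rel="stylesheet" href="https://cdn.example/bootstrap@5.3.0/dist/css/bootstrap.min.css"
      integrity="sha384-PLACEHOLDER" crossorigin="anonymous">
<link rel="stylesheet" href="https://cdn.example/font-awesome/6.5.1/css/all.min.css">
<script src="http://cdn.example/particles.js@2.0.0/particles.min.js"></script>
<script src="js/game.js"></script>
`;

// Returns one finding per remote <script>/<link> tag that has at least one issue.
function auditAssets(html, expected) {
  const findings = [];
  for (const [tag] of html.matchAll(/<(script|link)\b[^>]*>/gi)) {
    const url = (tag.match(/\b(?:src|href)\s*=\s*["']([^"']+)["']/i) || [])[1];
    // Relative URLs are locally hosted assets: nothing to verify here.
    if (!url || !/^(https?:)?\/\//i.test(url)) continue;

    const lower = url.toLowerCase();
    const name = Object.keys(expected).find((n) => lower.includes(n));
    const issues = [];

    if (/^http:\/\//i.test(url)) issues.push("loaded over plain HTTP");
    if (!/\bintegrity\s*=\s*["']sha(256|384|512)-/i.test(tag)) {
      issues.push("no integrity attribute");
    }
    if (!name) {
      issues.push("not in the known-dependency list");
    } else if (expected[name]) {
      // The first x.y.z after the library name is treated as the pinned version.
      const rest = lower.slice(lower.indexOf(name) + name.length);
      const version = (rest.match(/\d+\.\d+\.\d+/) || [])[0];
      if (version !== expected[name]) {
        issues.push(`version ${version || "unpinned"} != ${expected[name]}`);
      }
    }
    if (issues.length) findings.push({ url, issues });
  }
  return findings;
}

console.log(JSON.stringify(auditAssets(SAMPLE_HTML, EXPECTED), null, 2));
```

An empty result means every remote asset is pinned to the listed version, served over HTTPS and integrity-checked; assets hosted locally are skipped.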

Thank you for helping keep Chess Ultimate secure!

There aren’t any published security advisories