typebot.io/SECURITY.md

Security Policy

This security policy outlines how security vulnerabilities should be reported and handled for Typebot. We take security seriously and appreciate the community's efforts in helping maintain a secure project.

Report a vulnerability

If you discover a security vulnerability in Typebot, please report it through the Security tab in our GitHub repository. This ensures that your report is handled confidentially until a fix is available.

1. Navigate to the Typebot GitHub repository
2. Head over to the Security tab in the Github repository.
3. Click on "Report a vulnerability"
4. Provide a detailed description of the vulnerability.

This should include:

• A clear description of the vulnerability
• Steps to reproduce the issue
• Potential impact of the vulnerability
• Any suggestions for mitigation or fixes (if available)

We aim to acknowledge all vulnerability reports within 48 hours of submission.

Disclosure Policy

We follow a coordinated disclosure process:

• The vulnerability is kept confidential until a fix is available
• Once a fix is implemented, we will release an update
• After users have had reasonable time to update, details of the vulnerability may be publicly disclosed

Security Best Practices for Self-hosters

• Keep your Typebot installation updated to the latest version
• Follow security best practices for any infrastructure hosting Typebot
• Regularly review your chatbot configurations for potential security issues