mirror of
https://github.com/baptisteArno/typebot.io.git
synced 2026-06-25 21:01:54 +08:00
# Security Policy

This security policy outlines how security vulnerabilities should be reported and handled for Typebot. We take security seriously and appreciate the community's efforts in helping maintain a secure project.

## Report a vulnerability

If you discover a security vulnerability in Typebot, please report it through the Security tab in our GitHub repository. This ensures that your report is handled confidentially until a fix is available.

1. Navigate to the Typebot GitHub repository
2. Head over to the [Security tab](https://github.com/baptisteArno/typebot.io/security) in the GitHub repository.
3. Click on "Report a vulnerability"
4. Provide a detailed description of the vulnerability.

This should include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggestions for mitigation or fixes (if available)

We aim to acknowledge all vulnerability reports within 48 hours of submission.

## Disclosure Policy

We follow a coordinated disclosure process:
- The vulnerability is kept confidential until a fix is available
- Once a fix is implemented, we will release an update
- After users have had reasonable time to update, details of the vulnerability may be publicly disclosed

## Security Best Practices for Self-hosters

- Keep your Typebot installation updated to the latest version
- Follow security best practices for any infrastructure hosting Typebot
- Regularly review your chatbot configurations for potential security issues