If you discover a security vulnerability in CareLoom, please report it responsibly:
- Do NOT open a public issue
- Email security concerns to dheplab@unc.edu
- Include steps to reproduce and potential impact
- We will respond within 5 business days
CareLoom ships with default demo credentials for development and testing. You MUST change these before any production deployment.
See the deployment guides in docs/getting-started/ for security hardening instructions.
| Version | Supported |
|---|---|
| 1.x | Yes |
We follow responsible disclosure. After a fix is released, we will publicly acknowledge the reporter (unless they prefer anonymity).