Skip to content

Security: DHEPLab/careloom

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in CareLoom, please report it responsibly:

  1. Do NOT open a public issue
  2. Email security concerns to dheplab@unc.edu
  3. Include steps to reproduce and potential impact
  4. We will respond within 5 business days

Default Credentials

CareLoom ships with default demo credentials for development and testing. You MUST change these before any production deployment.

See the deployment guides in docs/getting-started/ for security hardening instructions.

Supported Versions

Version Supported
1.x Yes

Disclosure Policy

We follow responsible disclosure. After a fix is released, we will publicly acknowledge the reporter (unless they prefer anonymity).

There aren't any published security advisories