Security: Guepard-Corp/qwery-core

SECURITY.md

Security Policy

Supported Versions

We release patches for security vulnerabilities in the following versions:

Version Supported
0.1.x

Reporting a Vulnerability

The Qwery team takes security seriously. We appreciate your efforts to responsibly disclose your findings.

How to Report

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report security vulnerabilities by emailing:

security@qwery.run

What to Include

Please include the following information in your report:

  • Type of vulnerability (e.g., SQL injection, XSS, authentication bypass)
  • Full paths of source file(s) related to the vulnerability
  • Location of the affected source code (tag/branch/commit or direct URL)
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the vulnerability, including how an attacker might exploit it

Response Timeline

  • Initial Response: We will acknowledge your email within 48 hours
  • Status Update: We will provide a detailed response within 7 days, including next steps
  • Resolution: We aim to resolve critical vulnerabilities within 30 days
  • Disclosure: Once fixed, we will coordinate with you on public disclosure timing

Safe Harbor

We support safe harbor for security researchers who:

  • Make a good faith effort to avoid privacy violations, data destruction, and service interruption
  • Only interact with accounts they own or with the explicit permission of the account holder
  • Do not exploit a security issue beyond what's necessary to demonstrate it
  • Give us a reasonable amount of time to resolve issues before public disclosure
  • Do not access, modify, or delete data belonging to others

Recognition

We maintain a security hall of fame to recognize researchers who have helped keep Qwery secure. If you'd like to be credited for your discovery (after the issue is resolved), please let us know in your report.

Security Best Practices for Contributors

When contributing to Qwery:

  • Never commit credentials, API keys, or secrets
  • Use environment variables for sensitive configuration
  • Follow secure coding practices outlined in our Contributing Guide
  • Keep dependencies up to date
  • Report any suspicious activity or potential vulnerabilities

Security Updates

Security advisories will be published on our GitHub Security Advisories page.

Questions

If you have questions about this policy, please contact security@qwery.run.
