| Version | Supported |
|---|---|
| Latest | ✅ |
| < Latest | ❌ |

If you discover a security vulnerability in the Huey Hugo theme, please report it as follows:
- Do NOT open a public GitHub issue
- Email the maintainer
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if available)

You should receive a response within 48 hours. If the vulnerability is accepted, we will:
- Develop and test a fix
- Release a patched version
- Publicly disclose the vulnerability after users have time to update

When using the Huey theme:
- Keep Hugo updated to the latest version (minimum 0.154.2)
- Configure security headers on your hosting platform (see netlify.toml example)
- Use HTTPS for all external resources
- Review and customize the Content-Security-Policy for your needs
- Regularly update the theme to the latest version

The Huey theme is designed for static site generation with Hugo, which provides inherent security benefits:
- No server-side code execution
- No database or backend vulnerabilities
- Content is generated at build time, not runtime
- Reduced attack surface compared to dynamic CMSs

However, proper configuration of security headers and HTTPS on your hosting platform is still essential for a secure deployment.