If you believe you have found a security vulnerability in GoFlux, please report it privately.
- Email: irfandimarsya@gmail.com
- Include: a description of the issue, impact, steps to reproduce, and any proof-of-concept code
- Response: We will acknowledge receipt of your report within 48 hours
Please do not open a public GitHub issue for security reports.
Coordinated Disclosure: We appreciate responsible disclosure and will work with you to understand and fix the issue.
Security fixes are provided for:
- The latest released version
- The `main` branch
- Report Received: We acknowledge security reports within 48 hours
- Assessment: We assess and triage the vulnerability within 7 business days
- Fix Development: We develop and test the fix
- Release: We release a security update with the fix
- Public Disclosure: We disclose the vulnerability after the fix is deployed
- Critical: Security vulnerability that allows unauthorized access or data theft
- High: Security vulnerability with significant impact
- Medium: Security vulnerability with limited impact
- Low: Security vulnerability with minimal impact or workaround available
When contributing to GoFlux:
- Do not commit credentials, API keys, or secrets
- Use environment variables for sensitive configuration
- Follow secure coding practices
- Report suspected security issues privately
- Perform security reviews for changes affecting security-sensitive areas
We use Dependabot for automated dependency updates. Security vulnerabilities in dependencies are tracked and addressed through GitHub's Dependabot alerts.
- The project uses HTTPS for all communications
- Dependencies are fetched from HTTPS sources (Go modules)
- No hardcoded credentials or secrets in the codebase
GoFlux is designed to follow security best practices:
- Input validation for all external data
- Safe error handling without exposing internal details
- Proper nil checks to prevent panics
- No use of unsafe or deprecated functions
- Regular dependency updates via Dependabot
For security-related questions or concerns:
- Email: irfandimarsya@gmail.com
- GitHub Security: https://github.com/irfndi/goflux/security
For non-security bugs, please use the normal issue tracker.