If you discover a security vulnerability in Securo, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please email: contact@usesecuro.com (or open a private security advisory on GitHub)
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

- Acknowledgment within 48 hours
- Status update within 7 days
- Fix and disclosure coordinated with the reporter

| Version | Supported |
|---|---|
| latest | Yes |

- Always change the default `SECRET_KEY` in production
- Use HTTPS in production
- Keep dependencies updated
- Restrict database access to the backend service only
- Review environment variables before deploying