We release patches for security vulnerabilities. Which versions are eligible for patches depends on the CVSS v3.0 Rating:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
If you find a vulnerability, please email contact@hrcd.fr with the details and we will respond as soon as possible. Please do not create a public issue.
We ask that you follow responsible disclosure practices when reporting vulnerabilities. This means you should:
- Contact us privately to report the vulnerability.
- Give us a reasonable amount of time to address the issue before making any information public.
- Avoid exploiting the vulnerability in any way.
To ensure the security of your Shelve installation, we recommend the following best practices:
- Keep your software up to date with the latest security patches.
- Use strong, unique passwords for all accounts.
- Enable two-factor authentication (2FA) where possible.
- Regularly review and audit your security settings and access controls.
- Monitor your systems for any unusual activity and respond promptly to any security incidents.