At CampX, we take the security of our users' data and our platform seriously. This security policy outlines our approach to safeguarding the system, user information, and the steps to report and address security vulnerabilities.
We actively maintain and support the latest stable version of CampX. If you are using an outdated version, we recommend updating to the latest version to benefit from the latest security patches and improvements.
If you discover a security vulnerability within CampX, we encourage you to report it to us as soon as possible. We welcome reports from the security community, users, and developers to help us keep CampX secure.
Please report vulnerabilities by opening an issue in the CampX GitHub repository. When creating the issue, make sure to:
- Use a clear and descriptive title.
- Select the appropriate label (e.g., "Security Issue").
- Provide a detailed description of the vulnerability and its potential impact.
- Include steps to reproduce the vulnerability.
- Attach any proof-of-concept (PoC) code, if available.
- Mark the issue as private if GitHub's repository settings allow this option, or indicate that sensitive details are being disclosed.
If the issue tracker does not support private issues, please refrain from sharing sensitive information publicly. Instead, notify us via a general issue and request a secure communication channel to provide further details.
We aim to acknowledge receipt of your vulnerability report within 48 hours. After the initial acknowledgment, we will work on verifying the vulnerability and providing a fix as quickly as possible. We strive to resolve reported vulnerabilities within 30 days.
- Encryption: All sensitive data, including passwords and user information, is encrypted in transit using HTTPS and at rest in our databases.
- Environment Variables: Secure environment variables (e.g., API keys, database credentials) are used to protect critical information and are not hard-coded in the application.
- User Authentication: User passwords are hashed using industry-standard algorithms (e.g., bcrypt) to ensure they are securely stored.
- Access Control: Only authorized users can edit or delete the campgrounds they have added. Role-based access control (RBAC) may be implemented in the future to further secure user actions.
We regularly audit our codebase and dependencies to identify and mitigate potential security risks. Automated tools and manual code reviews are employed to ensure the security of the platform.
We carefully manage our dependencies to avoid introducing vulnerabilities through third-party libraries. Dependencies are regularly updated to their latest secure versions.
We believe in responsible disclosure. If you report a vulnerability and agree to give us time to fix it before disclosing it publicly, we will acknowledge your contribution once the issue has been resolved.
We appreciate the efforts of the security community and our users in helping us maintain the security of CampX. Your contributions make our platform safer for everyone.
For any questions or concerns regarding this security policy, please contact us via the issue tracker or at CampX.