| Version | Supported |
|---|---|
| 3.x.x | ✅ |
| 2.0.x | ✅ |
| 1.0.x | ❌ |
If you discover a security vulnerability in our Node.js web application or CockroachDB backend, please follow the guidelines below:
-
Email: Send an email to
myfit.auth@gmail.comwith the details of the vulnerability.- Use the subject line:
Security Vulnerability Report - [Your Issue Title]. - Provide a detailed description of the vulnerability, including:
- Affected components (e.g., frontend, API, database).
- Steps to reproduce the issue.
- Potential impact on the application and its users.
- Any suggested fixes or mitigations.
- Use the subject line:
-
Response Time:
- You can expect an initial response within 72 hours of your report.
- We will provide regular updates as we investigate and work on a fix, typically every 5-7 business days.
-
After Reporting:
- If the vulnerability is confirmed, we will work on a patch or mitigation strategy.
- You will be credited for your discovery unless you wish to remain anonymous.
- We will coordinate with you on the responsible disclosure of the vulnerability and its fix.
-
Non-Disclosure: Please do not disclose the vulnerability publicly until it has been addressed. We take security seriously and will work to resolve all reported issues as quickly as possible.
-
Bug Bounties: While we currently do not have a formal bug bounty program in place, we highly value and appreciate the efforts of security researchers who help us identify vulnerabilities. At this time, we are unable to offer monetary rewards. However, we are committed to acknowledging your contributions and, where appropriate, can provide public recognition for your efforts.
Thank you for helping us keep our app secure!