Skip to content

Security: Zafar7645/syncup

Security

SECURITY.md

Security Policy

Supported Versions

Version Supported
1.x ✅ Yes

Reporting a Vulnerability

Please do not open a public GitHub issue for security vulnerabilities.

If you discover a security issue, report it privately by emailing:

zafar.shaikh.se@gmail.com

Include in your report:

  • A description of the vulnerability
  • Steps to reproduce it
  • The potential impact
  • Any suggested fix (optional)

Response Timeline

Action Timeframe
Acknowledgement of your report Within 48 hours
Confirmation of the vulnerability Within 5 business days
Patch release for critical issues Within 7 days

You will be credited in the release notes (unless you prefer to remain anonymous).

Scope

In scope:

  • Authentication bypass or privilege escalation
  • SQL injection or other injection attacks
  • Exposure of other users' data
  • JWT secret or credential leakage

Out of scope:

  • UI/UX cosmetic issues
  • Bugs that require physical access to a user's device
  • Issues in third-party dependencies (report those upstream)

Disclosure Policy

Once a fix is released, we will publish a summary of the vulnerability and credit the reporter. We ask that you give us a reasonable time to patch before any public disclosure.

There aren't any published security advisories