We release patches for security vulnerabilities. Currently supported versions:
| Version | Supported |
|---|---|
| 2.1.x | ✅ |
| 2.0.x | ✅ |
| < 2.0 | ❌ |
We take the security of CloudVault Pro seriously. If you believe you have found a security vulnerability, please report it to us as described below.
- Open a public GitHub issue
- Discuss the vulnerability in public forums
- Exploit the vulnerability beyond what is necessary to demonstrate it
- Email us directly at: security@cloudvault-pro.com (or create a private security advisory on GitHub)
- Include details such as:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Suggested fix (if you have one)
- Allow time for us to respond (typically within 48 hours)
- Work with us to understand and resolve the issue
- Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours
- Updates: We will keep you informed about our progress
- Fix Timeline: We aim to release security fixes within 7-14 days for critical issues
- Credit: We will credit you in our release notes (unless you prefer to remain anonymous)
- Keep your CloudVault Pro installation up to date
- Use strong, unique passwords
- Enable two-factor authentication when available
- Regularly review access logs
- Keep your dependencies updated
- Use HTTPS in production
When we receive a security bug report, we will:
- Confirm the problem and determine affected versions
- Audit code to find similar problems
- Prepare fixes for all supported versions
- Release new security fix versions as soon as possible
Thank you for helping keep CloudVault Pro and our users safe!