Security: wutlu/boltcache

SECURITY.md

Security Policy

Supported Versions

Version   Supported
1.0.x     ✅

Reporting a Vulnerability

If you discover a security vulnerability in BoltCache, please report it responsibly:

🔒 Private Disclosure

DO NOT create a public GitHub issue for security vulnerabilities.

Instead, please:

  1. Email: mutlu@etsetra.com
  2. Subject: "BoltCache Security Vulnerability"
  3. Include:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

📋 What to Expect

  • Acknowledgment: Within 24 hours
  • Initial Assessment: Within 72 hours
  • Regular Updates: Every 7 days until resolved
  • Fix Timeline: Critical issues within 7 days, others within 30 days

🏆 Recognition

Security researchers who responsibly disclose vulnerabilities will be:

  • Credited in the security advisory (if desired)
  • Listed in our Hall of Fame
  • Eligible for a small token of appreciation

🛡️ Security Best Practices

When using BoltCache in production:

  • Enable authentication (security.auth.enabled: true)
  • Use strong, unique tokens
  • Enable rate limiting
  • Use TLS/HTTPS in production
  • Regularly update to the latest version
  • Monitor access logs
  • Restrict network access

📞 Contact

For security-related questions:

Thank you for helping keep BoltCache secure! 🙏

There aren't any published security advisories