| Version | Supported |
|---|---|
| 2.0.x | β Active support |
| < 2.0 | β End of life |
If you discover a security vulnerability in DZEconomy, please report it responsibly.
- Email: Send a detailed report to security@demonzdevelopment.online
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment within 48 hours
- Assessment within 7 days
- Fix timeline communicated after assessment
- Credit in the release notes (if desired)
Security issues in the following areas are in scope:
- Data integrity β Balance manipulation, unauthorized currency modification
- Authentication bypass β Permission checks that can be circumvented
- SQL injection β Via MySQL storage backend
- Denial of service β Commands or actions that crash the server
- Information disclosure β Exposing player data to unauthorized users
- Issues requiring physical access to the server
- Social engineering attacks
- Issues in third-party dependencies (report upstream)
Thank you for helping keep DZEconomy and its users safe! π