We actively support the following versions of Evolution Manager with security updates:
| Version | Supported |
|---|---|
| 2.x.x | β Yes |
| 1.x.x | |
| < 1.0 | β No |
We take security vulnerabilities seriously. If you discover a security vulnerability in Evolution Manager, please help us by reporting it responsibly.
Please DO NOT create a public GitHub issue for security vulnerabilities.
Instead, please report security vulnerabilities by emailing us directly at:
π§ contato@evolution-api.com
When reporting a vulnerability, please include:
- Description: A clear description of the vulnerability
- Steps to Reproduce: Detailed steps to reproduce the issue
- Impact: What an attacker could achieve by exploiting this vulnerability
- Affected Versions: Which versions of Evolution Manager are affected
- Proof of Concept: If possible, include a proof of concept (but please be responsible)
- Suggested Fix: If you have ideas for how to fix the issue
We are committed to responding to security vulnerability reports in a timely manner:
- Initial Response: Within 48 hours of receiving your report
- Status Updates: Every 7 days until the issue is resolved
- Resolution: We aim to resolve critical vulnerabilities within 30 days
We believe in recognizing security researchers who help make Evolution Manager safer:
- Hall of Fame: We maintain a security researchers hall of fame
- CVE Assignment: For significant vulnerabilities, we'll work with you on CVE assignment
- Public Recognition: With your permission, we'll publicly acknowledge your contribution
When using Evolution Manager, we recommend:
- Keep Updated: Always use the latest supported version
- Secure Configuration: Follow our security configuration guidelines
- Network Security: Use HTTPS and proper network security measures
- Access Control: Implement proper authentication and authorization
- Regular Audits: Conduct regular security audits of your deployment
- Security Documentation: [Link to security docs when available]
- Security Checklist: [Link to security checklist when available]
- Best Practices Guide: [Link to best practices when available]
We follow responsible disclosure practices:
- Private Report: You report the vulnerability privately
- Investigation: We investigate and develop a fix
- Coordination: We coordinate with you on disclosure timing
- Public Disclosure: We publicly disclose the vulnerability after a fix is available
This security policy is designed to be compatible with responsible security research. We will not pursue legal action against researchers who:
- Follow this responsible disclosure process
- Do not access or modify user data beyond what's necessary to demonstrate the vulnerability
- Do not perform testing on production systems without permission
- Do not engage in activities that could harm our users or services
Thank you for helping keep Evolution Manager and our community safe! π
Evolution Manager Security Team π§ contato@evolution-api.com π https://github.com/EvolutionAPI/evolution-manager-v2