If you discover a security vulnerability in Vectis, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, email alex.husniddinov@gmail.com with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
Response timeline:
- Acknowledgment: within 48 hours
- Initial assessment: within 1 week
- Fix timeline: depends on severity, typically 1-4 weeks
| Version | Supported |
|---|---|
| 0.1.x | Yes |
When deploying Vectis:
- Set a strong `VECTIS_SECRET_KEY` (use `python -c "import secrets; print(secrets.token_urlsafe(32))"`)
- Set a strong `VECTIS_DB_PASSWORD`
- Set `VECTIS_DEBUG=false` in production
- Use HTTPS with a reverse proxy (Nginx, Caddy)
- Bind services to `127.0.0.1`, not `0.0.0.0`, unless behind a reverse proxy
- Keep PostgreSQL accessible only from the application server
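
A pre-deployment check for the list above, as an added example that is not part of Vectis. The length and entropy thresholds are assumptions, and `bind_host` and `behind_proxy` are hypothetical parameters because the page does not name a bind setting.

```python
import ipaddress
import math
from collections import Counter

# Assumed thresholds (not from the Vectis project): token_urlsafe(32) yields
# 43 characters, so a shorter key was not generated with the suggested command.
MIN_SECRET_LEN = 43
MIN_DB_PASSWORD_LEN = 16
MIN_BITS_PER_CHAR = 3.0  # Shannon entropy floor; catches "aaaa..." placeholders


def weak_secret(value, min_len):
    """Return a reason string if value looks weak, else None."""
    if not value:
        return "is unset or empty"
    if len(value) < min_len:
        return f"is shorter than {min_len} characters"
    counts = Counter(value).values()
    entropy = -sum(n / len(value) * math.log2(n / len(value)) for n in counts)
    if entropy < MIN_BITS_PER_CHAR:
        return "has low character diversity (looks like a placeholder)"
    return None


def audit(env, bind_host, behind_proxy=False):
    """Check a deployment against the checklist; return a list of findings."""
    findings = []
    for name, min_len in (("VECTIS_SECRET_KEY", MIN_SECRET_LEN),
                          ("VECTIS_DB_PASSWORD", MIN_DB_PASSWORD_LEN)):
        reason = weak_secret(env.get(name, ""), min_len)
        if reason:
            findings.append(f"{name} {reason}")
    # Fail closed: only an explicit "false" counts as debug disabled.
    if env.get("VECTIS_DEBUG", "").strip().lower() != "false":
        findings.append("VECTIS_DEBUG is not set to false")
    # bind_host is a hypothetical parameter; pass whatever address the service uses.
    try:
        loopback = ipaddress.ip_address(bind_host).is_loopback
    except ValueError:
        loopback = bind_host == "localhost"
    if not behind_proxy and not loopback:
        findings.append(f"service binds to {bind_host}, not a loopback address")
    return findings
```

Run it in CI or at container start with `audit(os.environ, <bind address>)` and refuse to start when the returned list is non-empty.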