| Version | Supported |
|---|---|
| 0.1.x | ✅ |
We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please email us at: me@terratauri.com
Include the following information:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any suggested fixes (optional)
I'll respond as quickly as I can. For critical issues, expect a fix within days. I'll coordinate the disclosure timing with you so that a fix is available before details are published.
The following are in scope for security reports:
- Authentication bypass
- Authorization flaws
- Remote code execution
- SQL injection
- XML/XXE vulnerabilities
- Denial of service caused by protocol-level flaws (a message the server cannot handle safely), as opposed to plain resource exhaustion
- Information disclosure
The following are out of scope:
- Denial of service via resource exhaustion (expected behavior for the MVP)
- Issues in third-party dependencies (report these to the upstream project)
- Social engineering attacks
When deploying Chattermax:
- Terminate TLS at a reverse proxy (nginx, Caddy) in front of Chattermax until native TLS is implemented, and bind Chattermax itself to localhost so its plaintext listener is reachable only through the proxy
- Run the server as a dedicated non-root user with minimal privileges
- Firewall the host so that only the ports the proxy needs (typically 443) are exposed
- Keep the server up to date and apply security patches promptly
- Enforce strong user passwords
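As an added deployment example (not part of Chattermax's own code or documentation), the following POSIX shell script renders a hardened systemd unit, a Caddyfile that terminates TLS, and a minimal firewall rule set, and refuses to install if the server would listen on anything but loopback. It assumes a hypothetical binary at /usr/local/bin/chattermax with a hypothetical `--listen HOST:PORT` flag, a plaintext listener on 127.0.0.1:8080, and the hostname chat.example.com; substitute whatever flags and port your Chattermax build actually uses.

```shell
#!/bin/sh
# Hardened deployment for Chattermax: added example, not the project's own code.
# Hypothetical assumptions (adjust to your build):
#   - binary at /usr/local/bin/chattermax with a --listen HOST:PORT flag
#   - plaintext listener on 127.0.0.1:8080, reachable only via the TLS proxy
#   - Caddy terminates TLS for chat.example.com and proxies to that port
set -eu

CHATTERMAX_BIN="${CHATTERMAX_BIN:-/usr/local/bin/chattermax}"
CHATTERMAX_ADDR="${CHATTERMAX_ADDR:-127.0.0.1:8080}"
CHATTERMAX_HOST="${CHATTERMAX_HOST:-chat.example.com}"

# Refuse a non-loopback listen address: exposing the plaintext port directly
# would let clients bypass the TLS reverse proxy entirely.
check_listen_addr() {
  case "$1" in
    127.*:*|localhost:*) return 0 ;;
    *) echo "refusing: $1 is not a loopback address" >&2; return 1 ;;
  esac
}

# systemd unit: a dynamically allocated unprivileged user, a read-only view of
# the system, an empty capability set (Caddy owns 443, so Chattermax never needs
# to bind a privileged port) and no privilege escalation after exec.
render_unit() {
  cat <<EOF
[Unit]
Description=Chattermax chat server
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=$CHATTERMAX_BIN --listen $CHATTERMAX_ADDR
DynamicUser=yes
StateDirectory=chattermax
NoNewPrivileges=yes
CapabilityBoundingSet=
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallFilter=@system-service
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
}

# Caddy obtains and renews the certificate itself (ACME) and forwards the
# decrypted traffic to the loopback listener.
render_caddyfile() {
  cat <<EOF
$CHATTERMAX_HOST {
    reverse_proxy $CHATTERMAX_ADDR
}
EOF
}

# Firewall: default deny, then only SSH and HTTPS. Port 80 stays closed; Caddy
# can complete the ACME TLS-ALPN-01 challenge on 443 alone.
render_firewall_rules() {
  cat <<EOF
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 443/tcp
ufw --force enable
EOF
}

install_all() {
  check_listen_addr "$CHATTERMAX_ADDR"
  render_unit > /etc/systemd/system/chattermax.service
  render_caddyfile > /etc/caddy/Caddyfile
  render_firewall_rules | sh
  systemctl daemon-reload
  systemctl enable --now chattermax caddy
}

# Nothing on the host is changed unless invoked as: sudo ./deploy.sh install
if [ "${1:-}" = "install" ]; then
  install_all
fi
```

Run it as `sudo ./deploy.sh install`; without the argument it only defines the functions, so `render_unit` and the other renderers can be inspected first. The listen-address check is the important gate: everything else in the unit reduces the blast radius of a compromise, but a plaintext port on a public interface silently undoes the TLS recommendation above.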
We appreciate responsible disclosure and will acknowledge security researchers who help improve Chattermax security.