If you discover a security vulnerability in Conformio, please email [email protected] with:
- Description of the vulnerability
- Steps to reproduce it
- Potential impact
- Suggested fix (if available)
Please do not publicly disclose the vulnerability until we have had a chance to address it.
- All npm dependencies are regularly audited using `npm audit`
- Dependabot is configured to automatically check for security updates weekly
- We aim to keep all dependencies up-to-date with the latest security patches
- Sensitive information (API keys, passwords) is never committed to the repository
- All credentials must be stored as environment variables
- Frontend code never has access to backend secrets
- All communication with external services uses HTTPS
- SSL/TLS certificates are required in production
- All user input is validated on the frontend using Zod
- All requests to the backend undergo additional server-side validation; frontend validation alone is never relied on
- No user input is interpolated directly into SQL queries or system commands
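The two server-side points above, as an added example that is not Conformio's own code: a request body is re-validated on the server regardless of what the frontend Zod schema accepted (a client can skip the UI entirely), and the validated value is passed to the database as a query parameter rather than spliced into the SQL text. The validator is hand-written here to avoid a dependency; the `$1`/`$2` placeholder style and the `users` table are assumptions for illustration.

```typescript
// Added example, not part of the Conformio repository.
// Shows server-side re-validation of an untrusted body and a parameterized
// query, contrasted with the string-interpolated form that must never ship.

interface UserSearch {
  email: string;
  limit: number;
}

interface ParamQuery {
  text: string;      // constant SQL with $1, $2 ... placeholders (assumed driver style)
  values: unknown[]; // user-supplied values travel separately
}

// Deliberately simple shape check; the point is that it runs on the server.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Server-side validation: treat `body` as untrusted even though the frontend
// already validated it with Zod. Throws on anything that is not a well-formed
// search request.
function validateUserSearch(body: unknown): UserSearch {
  if (typeof body !== "object" || body === null) {
    throw new Error("body must be an object");
  }
  const { email, limit } = body as Record<string, unknown>;
  if (typeof email !== "string" || email.length > 254 || !EMAIL_RE.test(email)) {
    throw new Error("invalid email");
  }
  if (typeof limit !== "number" || !Number.isInteger(limit) || limit < 1 || limit > 100) {
    throw new Error("limit must be an integer in 1..100");
  }
  return { email, limit };
}

// UNSAFE: user input interpolated into the SQL text. Kept only for contrast;
// a value such as o'neil@example.com already breaks the quoting, and a
// crafted value changes the query's meaning.
function unsafeQuery(search: UserSearch): string {
  return `SELECT id, email FROM users WHERE email = '${search.email}' LIMIT ${search.limit}`;
}

// SAFE: the SQL text is a constant; the driver binds the values, so they can
// never be parsed as SQL.
function safeQuery(search: UserSearch): ParamQuery {
  return {
    text: "SELECT id, email FROM users WHERE email = $1 LIMIT $2",
    values: [search.email, search.limit],
  };
}

// Request handler shape: validate first, then build the parameterized query.
// Returns an error message instead of a query when validation fails.
function handleSearchRequest(body: unknown): ParamQuery | { error: string } {
  try {
    return safeQuery(validateUserSearch(body));
  } catch (e) {
    return { error: (e as Error).message };
  }
}

// Constructed sample input: an email containing a quote, which is legal but
// breaks the interpolated form.
const sample = { email: "o'neil@example.com", limit: 10 };
console.log(unsafeQuery(validateUserSearch(sample)));
console.log(handleSearchRequest(sample));
console.log(handleSearchRequest({ email: "x' OR '1'='1", limit: 1 }));
```

The check worth keeping in code review is the one `safeQuery` makes obvious: the SQL string contains no user data at all, so whatever the validator lets through cannot alter the statement. Validation still matters for semantics (bounded `limit`, sane `email`), but it is not what prevents injection.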
We follow the principle of releasing security patches as soon as possible when vulnerabilities are discovered. Security updates may be released outside of the normal release schedule.
- npm audit: ✅ 0 vulnerabilities
- Dependabot: ✅ Enabled
- Security scanning: ✅ Active
| Version | Supported |
|---|---|
| 0.0.1 | ✅ Current version |
For security concerns, please contact the development team through your account representative.