| Version | Supported |
|---|---|
| 1.x.x | ✅ |

We take the security of SimpleAccounts seriously. If you have discovered a security vulnerability, please report it responsibly.

- Do not open a public GitHub issue for security vulnerabilities
- Email the maintainers directly with details of the vulnerability
- Include the following information:
  - Type of vulnerability
  - Full paths of source file(s) related to the vulnerability
  - Location of the affected source code (tag/branch/commit or direct URL)
  - Step-by-step instructions to reproduce the issue
  - Proof-of-concept or exploit code (if possible)
  - Impact of the issue, including how an attacker might exploit it
- Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours
- Communication: We will keep you informed of the progress towards a fix
- Disclosure: We will coordinate with you on the public disclosure of the vulnerability
- Credit: We will credit you in the security advisory (unless you prefer to remain anonymous)

When deploying SimpleAccounts:

- Always use HTTPS in production
- Keep all dependencies up to date
- Use strong, unique passwords
- Enable appropriate authentication mechanisms
- Regularly back up your data
- Follow the principle of least privilege for database access

Security updates will be released as patch versions and announced through:

- GitHub Security Advisories
- Release notes

We recommend keeping your installation up to date with the latest releases.