RefearnApp is committed to protecting the security and integrity of our users, their data, and the systems running the platform.
We take security seriously and appreciate the efforts of security researchers and contributors who responsibly disclose vulnerabilities.
If you discover a security vulnerability in RefearnApp, please report it responsibly.
Use GitHub Security Advisories (private disclosure):
- Go to the repository
- Open the Security tab
- Click Report a vulnerability
Please provide as much detail as possible:
- A clear description of the vulnerability
- Steps to reproduce the issue
- A Proof of Concept (PoC) if available
- Potential impact (what an attacker could do)
- Any relevant logs, code, or configuration
The more detailed your report, the faster we can validate and fix it.
We do not accept fully automated AI-generated security reports.
Reports must include:
- Human verification
- A valid Proof of Concept
- Clear reproduction steps
Low-quality or unverifiable reports may be closed without action.
We currently support only the latest version of RefearnApp.
To stay secure, always:
- Use the latest release
- Apply updates regularly
Older versions may contain known vulnerabilities and are not actively patched.
We follow a responsible disclosure process:
- Please do not disclose vulnerabilities publicly before a fix is available
- Report issues privately through GitHub Security Advisories
- We will coordinate disclosure after the issue is resolved
This helps protect users from exploitation.
Once a report is received, we will:
- Acknowledge the report
- Validate and reproduce the issue
- Assess impact and severity
- Develop and test a fix
- Release a patch
- Notify users if necessary
We aim to respond as quickly as possible, but timelines may vary depending on complexity.
We appreciate responsible disclosure and may publicly acknowledge contributors who help improve RefearnApp security.
Built with security in mind by the RefearnApp Community.