We actively support the following versions of NeuronIP with security updates:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

We take the security of NeuronIP seriously. If you discover a security vulnerability, please follow these steps.

Please do not:
- Open a public GitHub issue
- Discuss the vulnerability publicly until it has been addressed

Please do:
- Email us directly at the security contact for the project (if available) or open a private security advisory on GitHub
- Provide detailed information about the vulnerability:
  - Type of vulnerability (XSS, SQL injection, authentication bypass, etc.)
  - Affected components (backend, frontend, database, etc.)
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if you have one)

What to expect after you report:
- Initial Response: Within 48 hours, we will acknowledge receipt of your report
- Status Updates: We'll provide updates on the progress of the fix
- Resolution Timeline: We'll work to address critical vulnerabilities within 7 days, and high-severity issues within 30 days
- Credit: With your permission, we'll credit you in the security advisory and release notes

When using NeuronIP in production:
- Keep dependencies updated: Regularly update Go modules and npm packages
- Use environment variables: Never commit secrets or API keys
- Enable HTTPS: Always use HTTPS in production
- Review permissions: Implement proper RBAC and access controls
- Monitor logs: Regularly review application and access logs
- Database security: Use strong passwords and enable SSL for database connections
- Network security: Restrict access to services using firewalls and security groups
NeuronIP includes several security features:
- Authentication and authorization middleware
- CORS configuration
- Input validation
- SQL injection prevention (parameterized queries)
- Rate limiting
- Security headers
Always ensure these are properly configured in your deployment.
When a security vulnerability is reported:
- We confirm the issue and determine affected versions
- We develop a fix and test it thoroughly
- We release the fix in a new version
- We publish a security advisory with details and credits
We follow responsible disclosure practices to protect users while giving them time to update.
If you have questions about this security policy, please open a discussion or contact the maintainers.