e3551fb78f
Replace z.array(z.unknown()) with RolePresetsSchema for blueprint role presets mutation input, ensuring structural validation before Prisma JSON cast. Also adds SECURITY.md for vulnerability disclosure. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
891 B
Security Policy
Reporting a Vulnerability
If you discover a security vulnerability in CapaKraken, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, please email the maintainer directly with:
- A description of the vulnerability
- Steps to reproduce
- Potential impact assessment
We will acknowledge receipt within 48 hours and provide a timeline for resolution.
Supported Versions
Only the latest version on the main branch receives security updates.
Security Practices
- Dependencies are audited nightly via `pnpm audit` and on every CI run
- Authentication uses Argon2-based password hashing via Auth.js v5
- Rate limiting is enforced on all API endpoints with Redis-backed counters
- All database mutations use parameterized queries via Prisma (no raw SQL)
- Session tokens are rotated on password change