e3551fb78f
Replace z.array(z.unknown()) with RolePresetsSchema for blueprint role presets mutation input, ensuring structural validation before Prisma JSON cast. Also adds SECURITY.md for vulnerability disclosure. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
28 lines
891 B
Markdown
# Security Policy

## Reporting a Vulnerability

If you discover a security vulnerability in CapaKraken, please report it responsibly.

**Do not** open a public GitHub issue for security vulnerabilities.

Instead, please email the maintainer directly with:

1. A description of the vulnerability
2. Steps to reproduce
3. Potential impact assessment

We will acknowledge receipt within 48 hours and provide a timeline for resolution.

## Supported Versions

Only the latest version on the `main` branch receives security updates.

## Security Practices

- Dependencies are audited nightly via `pnpm audit` and on every CI run
- Authentication uses Argon2-based password hashing via Auth.js v5
- Rate limiting is enforced on all API endpoints with Redis-backed counters
- All database mutations use parameterized queries via Prisma (no raw SQL)
- Session tokens are rotated on password change