We actively maintain and provide security updates for the latest versions of all Minisource projects.
| Version | Supported |
|---|---|
| latest (main branch) | ✅ |
| Previous releases | ❌ |
If you discover a security vulnerability, please DO NOT open a public issue.
Email us directly at: security@minisource.ir
Please include:
- Description of the vulnerability
- Steps to reproduce
- Affected repository/service
- Potential impact
- Suggested fix (if any)
- Acknowledgment: We will acknowledge your email within 48 hours
- Assessment: We will assess the vulnerability and provide a detailed response within 5 business days
- Fix & Disclosure: Once fixed, we will:
  - Release a security patch
  - Credit you in the release notes (if desired)
  - Publish a security advisory
We ask that you:
- Give us reasonable time to fix the issue before public disclosure
- Do not exploit the vulnerability beyond what is necessary to demonstrate it
- Keep vulnerability details confidential until we publish a fix
For all Minisource services:
- Keep dependencies up to date (Dependabot enabled)
- Use environment variables for secrets
- Enable 2FA on GitHub
- Review security advisories regularly
- Follow least privilege principles
All Minisource projects include:
- Automated dependency scanning (Dependabot)
- Secret scanning and push protection
- Regular security audits
- Secure coding guidelines
- Input validation and sanitization
This security policy applies to all repositories under the minisource GitHub organization:
- All core services (auth, gateway, storage, etc.)
- All SDKs (go-sdk, csharp-sdk)
- All shared libraries (go-common, csharp-common)
- Infrastructure and templates
We currently do not have a bug bounty program, but we greatly appreciate responsible disclosure and will acknowledge contributors in our release notes.
- Security Email: security@minisource.ir
- General Contact: info@minisource.ir
Thank you for helping keep Minisource and our users safe!