| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

We take the security of Stellar Connect Wallet seriously. If you discover a security vulnerability, please follow these steps:
Please do not open public issues for security vulnerabilities.
Instead, report them by:
- Email: Send details to janvisinghal10@gmail.com
- GitHub Private Vulnerability Reporting: Use the Security Advisories feature

When reporting a vulnerability, please provide:
- Type of issue (e.g., buffer overflow, SQL injection, XSS, etc.)
- Full paths of source file(s) related to the issue
- Location of the affected source code (tag/branch/commit or direct URL)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it

Our response timeline:
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Initial Response: We will provide an initial response within 5 business days
- Resolution: We aim to resolve critical issues within 30 days

Our disclosure process:
- Submit: Report the vulnerability privately
- Acknowledge: We confirm receipt and assign a security engineer
- Assess: We evaluate the report and determine severity
- Fix: We develop and test a fix
- Release: We publish a security update
- Disclose: After 30 days, we publicly disclose the issue (with your permission)

If you're contributing to the project, please follow these security guidelines:
- Never commit sensitive information (API keys, passwords, etc.)
- Validate and sanitize all user inputs
- Use prepared statements for database queries
- Keep dependencies up to date
- Follow the principle of least privilege
- Implement proper authentication and authorization checks

We appreciate responsible disclosure and will acknowledge contributors who report valid security issues (unless you prefer to remain anonymous).
Thank you for helping keep Stellar Connect Wallet secure!