We provide security updates for the following versions:

| Version | Supported |
|---|---|
| 2.x.x | ✅ |
| 1.5.x | ✅ |
| < 1.5 | ❌ |

We take the security of TourGuideAI seriously. If you believe you've found a security vulnerability, please follow these steps:
- Do not disclose the vulnerability publicly
- Email security@tourguideai.com with details about the vulnerability
- Include the following information:
  - Type of vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- We will acknowledge receipt of your report within 48 hours
- We will provide an initial assessment within 7 days
- We aim to resolve critical issues within 30 days
- We will keep you informed about our progress
- After the issue is resolved, we will publicly acknowledge your responsible disclosure (unless you prefer to remain anonymous)

TourGuideAI implements the following security measures:
- Regular security audits and penetration testing
- Dependency vulnerability scanning in CI/CD pipeline
- Static code analysis
- OWASP compliance checks
- Secret scanning
- Software composition analysis (SCA)
- Container security scanning

Please ensure you follow our security best practices:
- Keep all dependencies up to date
- Enable MFA for all developer accounts
- Use environment-specific secrets and credentials
- Follow the principle of least privilege for all access controls
- Review security reports generated by our CI/CD pipeline

For more information about security best practices, see the Technical Implementation section of our project lessons.