If you discover a security vulnerability in MyCollections, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, please email: security@solve4it.com
Include:
- A description of the vulnerability
- Steps to reproduce
- Affected versions
- Any potential impact
- Acknowledgment: within 48 hours
- Initial assessment: within 5 business days
- Fix timeline: depends on severity, but we aim for:
- Critical: 7 days
- High: 14 days
- Medium: 30 days
- Low: next release
We support safe harbor for good-faith security researchers. We will not pursue legal action against individuals who:
- Report vulnerabilities through the process above
- Avoid accessing or modifying other users' data
- Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue
- Allow reasonable time for a fix before public disclosure
Only the latest release is supported with security updates.