We actively maintain and provide security updates for the following versions of Attendrix:
| Version | Supported | Notes |
|---|---|---|
| 1.1.x | ✅ | Current stable release |
| 1.1.x | ✅ | LTS - Critical fixes only |
| 1.0.0 | ❌ | End of life |
| < 1.0 | ❌ | No longer supported |
We take security vulnerabilities seriously and appreciate your help in keeping Attendrix secure.
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities by:
- Email: Send details to security@attendrix.com
- GitHub Security Advisories: Use the private vulnerability reporting feature
When reporting a vulnerability, please include:
- Description: Clear description of the vulnerability
- Steps to Reproduce: Detailed steps to reproduce the issue
- Impact: Potential impact and attack scenarios
- Environment:
  - Flutter version
  - Dart version
  - Platform (iOS/Android/Web)
  - Device/OS version
- Screenshots/Videos: If applicable
- Suggested Fix: If you have ideas for remediation
- Initial Response: Within 48 hours of report
- Status Update: Weekly updates on investigation progress
- Resolution Timeline:
  - Critical vulnerabilities: 7 days
  - High severity: 30 days
  - Medium/Low severity: 90 days
If the vulnerability is accepted:
- We'll work with you to understand and reproduce the issue
- We'll develop and test a fix
- We'll coordinate the disclosure timeline with you
- You'll be credited in our security advisory (unless you prefer anonymity)
- We may offer a bug bounty reward for significant findings
If the vulnerability is declined:
- We'll provide a detailed explanation
- We'll suggest alternative reporting channels if appropriate
- We remain open to further discussion if you disagree with our assessment
- Always download Attendrix from official sources
- Keep the app updated to the latest version
- Use strong, unique passwords for your account
- Report suspicious activity immediately
- Follow secure coding practices outlined in CONTRIBUTING.md
- Never commit sensitive data (API keys, passwords, tokens)
- Use dependency scanning tools before submitting PRs
- Keep dependencies updated and monitor for vulnerabilities
Attendrix implements several security measures:
- Data Encryption: All sensitive data encrypted at rest and in transit
- Authentication: Secure user authentication with JWT tokens
- API Security: Rate limiting and input validation
- Privacy: Minimal data collection with user consent
- Secure Storage: Platform-specific secure storage for sensitive data
We follow responsible disclosure principles:
- Private Reporting: Initial report through secure channels
- Investigation: We investigate and develop fixes privately
- Coordinated Disclosure: Public disclosure after fix is available
- Credit: Security researchers are credited for their findings
- Timeline: Reasonable timeline for fixes based on severity
For security-related inquiries:
- Maintainer: @SH1SHANK
- General Support: support@attendrix.com
We recognise security researchers who help improve Attendrix security:
- Your name could be here!
Last Updated: June 27, 2025

Policy Version: 1.0