We actively support the following versions of the Fintava JavaScript SDK:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
Please do not report security vulnerabilities through public GitHub issues.
If you discover a security vulnerability in this SDK, please report it responsibly:
- Email: Send details to the project maintainers (create a private issue or contact through GitHub)
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- Contact Fintava directly through their official security channels
- Do not report platform vulnerabilities to this community repository
When using this SDK:
- Never expose your secret keys in client-side code
- Use environment variables for sensitive configuration
- Validate all inputs before processing
- Use HTTPS for all API communications
- Implement proper error handling to avoid information leakage
- Only use public keys in browser environments
- Validate data received from the server
- Implement CSP headers to prevent XSS attacks
- Use secure communication channels
- Keep the SDK updated to the latest version
- Review dependencies regularly for vulnerabilities
- Follow Fintava's security guidelines for your integration
- Implement proper logging without exposing sensitive data
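The key-handling, input-validation and logging points above can be made concrete in a small Node.js helper module. This is an added example, not code from the Fintava SDK or from the project; every name in it (`FINTAVA_SECRET_KEY`, `FINTAVA_PUBLIC_KEY`, `FINTAVA_BASE_URL`, `loadServerConfig`, `validatePaymentRequest`, `redactSecrets`) is an assumption chosen for illustration. It shows the server side refusing to load a secret key when it detects a browser environment, enforcing an `https://` base URL, handing the browser only the public key, validating a payment request before it is sent, and redacting secrets from anything that is about to be logged.

```javascript
// Added example (not part of the Fintava SDK). All variable and function
// names below are hypothetical; the SDK's real configuration keys may differ.

const SECRET_KEY_VAR = 'FINTAVA_SECRET_KEY';   // assumed env var name
const PUBLIC_KEY_VAR = 'FINTAVA_PUBLIC_KEY';   // assumed env var name
const BASE_URL_VAR = 'FINTAVA_BASE_URL';       // assumed env var name

// True when the code is running inside a browser (window + document present).
function isBrowser() {
  return typeof window !== 'undefined' && typeof window.document !== 'undefined';
}

// Load server-side configuration from environment variables.
// - refuses to load the secret key in a browser environment
// - requires the API base URL to use https://
// - error messages name the variable, never its value
function loadServerConfig(env = process.env, browser = isBrowser()) {
  if (browser) {
    throw new Error('Secret keys must not be loaded in a browser environment');
  }
  const secretKey = env[SECRET_KEY_VAR];
  if (!secretKey) {
    throw new Error(`Missing ${SECRET_KEY_VAR} environment variable`);
  }
  const baseUrl = env[BASE_URL_VAR] || 'https://api.example.invalid'; // placeholder default
  if (!/^https:\/\//i.test(baseUrl)) {
    throw new Error(`${BASE_URL_VAR} must use https://`);
  }
  return { secretKey, baseUrl };
}

// The only configuration that should ever be shipped to browser code: the public key.
function publicConfigForBrowser(env = process.env) {
  const publicKey = env[PUBLIC_KEY_VAR];
  if (!publicKey) {
    throw new Error(`Missing ${PUBLIC_KEY_VAR} environment variable`);
  }
  return { publicKey };
}

// Validate a payment request before it is handed to the API client.
// Amounts are treated as integers in minor units; currency is a 3-letter code.
function validatePaymentRequest(input) {
  const errors = [];
  if (!Number.isInteger(input.amount) || input.amount <= 0) {
    errors.push('amount must be a positive integer in minor units');
  }
  if (!/^[A-Z]{3}$/.test(String(input.currency))) {
    errors.push('currency must be a 3-letter ISO code');
  }
  if (typeof input.reference !== 'string' || !/^[A-Za-z0-9_-]{1,64}$/.test(input.reference)) {
    errors.push('reference must be 1-64 characters from [A-Za-z0-9_-]');
  }
  return { ok: errors.length === 0, errors };
}

// Redact known secret values and bearer tokens from a string before logging it.
function redactSecrets(text, secrets = []) {
  let out = String(text);
  for (const s of secrets) {
    if (s) out = out.split(s).join('[REDACTED]');
  }
  // Heuristic pass for Authorization headers that slipped into a message.
  return out.replace(/Bearer\s+[A-Za-z0-9._-]+/g, 'Bearer [REDACTED]');
}

// Constructed sample environment so the module runs offline; not real credentials.
const sampleEnv = {
  FINTAVA_SECRET_KEY: 'sk_test_constructed',
  FINTAVA_PUBLIC_KEY: 'pk_test_constructed',
  FINTAVA_BASE_URL: 'https://api.example.invalid',
};

const serverConfig = loadServerConfig(sampleEnv, false);
const browserConfig = publicConfigForBrowser(sampleEnv);
const check = validatePaymentRequest({ amount: 1500, currency: 'NGN', reference: 'order-42' });
console.log(redactSecrets(
  `server base URL ${serverConfig.baseUrl}, key ${serverConfig.secretKey}, ` +
  `browser gets ${browserConfig.publicKey}, request ok=${check.ok}`,
  [serverConfig.secretKey]
));
```

On a real server the `env` argument is left at its default (`process.env`) and the `browser` flag at `isBrowser()`; passing them explicitly, as the sample does, makes the behaviour testable without touching the real environment.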
Once a report is received, our response process is:
- Acknowledgment: We will acknowledge receipt of vulnerability reports within 48 hours
- Assessment: We will assess the vulnerability and determine its severity
- Fix: We will work on a fix and coordinate disclosure timing
- Release: We will release a patched version as soon as possible
- Disclosure: We will publicly disclose the vulnerability after a fix is available
Security updates will be:
- Released as patch versions (e.g., 1.0.1 → 1.0.2)
- Documented in the changelog with appropriate severity indicators
- Announced through GitHub releases and security advisories
We regularly audit our dependencies for security vulnerabilities using:
- `npm audit` (automated dependency scanning)
- Manual security reviews
For security-related questions or concerns:
- Create a private issue on GitHub
- Contact project maintainers directly
- For platform issues: Use official Fintava security channels
Note: This is a community-maintained SDK. For official Fintava platform security issues, please contact Fintava directly through their official channels.