This document outlines how to report vulnerabilities, what happens after you do, and the best practices we follow to keep GitTrend Zoho secure.
| Version | Supported | Notes |
|---|---|---|
| Latest (main) | ✅ | Actively maintained with security patches |
| Older releases | ❌ | Use the latest version for best protection |
- Transparency: All fixes and patches are made publicly available once verified.
- Privacy: We never collect sensitive user data without consent.
- Responsible Disclosure: We encourage private reporting before public announcements.
- Open Collaboration: Security improvements are welcomed from the community.
If you discover a potential security issue within GitTrend Zoho, please contact us privately first:
- 📧 Email: gittrendrepos@gmail.com
- 🧾 Include Details:
- Description of the issue
- Steps to reproduce
- Impact or possible exploit
- Suggested mitigation (optional)
Please avoid posting the issue publicly (e.g., GitHub issues) until it's reviewed and resolved.
Once you report a vulnerability:
- 🟢 Low: minor or informational
- 🟡 Medium: limited exploitability
- A patch or fix will be developed and tested.
- You'll be informed when the issue is fixed and credited (if you wish).
If you're contributing code to GitTrend Zoho:
- Do not commit credentials or API keys.
- Avoid hardcoding secrets (use `.env` or `config/settings.json`).
- Validate user inputs in FastAPI routes.
- Test your changes in a local environment before committing.
- Run `pip-audit` or `safety check` to detect insecure dependencies.
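As an added illustration of the two points above (secrets read from `.env` rather than hardcoded, and user input validated before a mail-sending route acts on it), here is stand-alone Python that is not code from the GitTrend Zoho project; the `ZOHO_SMTP_*` variable names and the request-field limits are assumptions.

```python
import re

# Assumed names for the locally configured Zoho SMTP credentials (not the project's own).
REQUIRED_KEYS = ("ZOHO_SMTP_HOST", "ZOHO_SMTP_USER", "ZOHO_SMTP_PASSWORD")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def parse_dotenv(text: str) -> dict:
    """Parse KEY=VALUE lines from .env text; blank lines and # comments are skipped."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip('"').strip("'")
    return values


def load_settings(env: dict) -> dict:
    """Return SMTP settings taken from the environment; fail fast if any secret is missing
    instead of falling back to a value embedded in source code."""
    missing = [k for k in REQUIRED_KEYS if not env.get(k)]
    if missing:
        raise RuntimeError(f"missing required settings: {', '.join(missing)}")
    return {k: env[k] for k in REQUIRED_KEYS}


def validate_mail_request(to: str, subject: str) -> list:
    """Return validation errors for a send-mail request body (empty list means OK).
    Intended to back a Pydantic model or explicit check inside a FastAPI route."""
    errors = []
    if not EMAIL_RE.match(to) or len(to) > 254:
        errors.append("invalid recipient address")
    if "\r" in subject or "\n" in subject:
        # A line break in a header field would let one field spill into the next.
        errors.append("subject must not contain line breaks")
    if not subject.strip() or len(subject) > 200:
        errors.append("subject must be 1-200 characters")
    return errors


if __name__ == "__main__":
    # Constructed sample .env content, standing in for a file the user keeps locally.
    sample_env = 'ZOHO_SMTP_HOST=smtp.example.test\nZOHO_SMTP_USER=me@example.test\n# password set below\nZOHO_SMTP_PASSWORD="p@ss"\n'
    print(load_settings(parse_dotenv(sample_env)))
    print(validate_mail_request("dev@example.com", "Weekly trends"))
```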
- GitTrend Zoho does not store or sell user data.
- Only email credentials (Zoho SMTP) configured locally by the user are used for sending mail.
- No tracking, analytics, or third-party cookies are used in the open-source version.
We appreciate everyone who reports vulnerabilities responsibly.
Your contribution helps make GitTrend Zoho safer for all users.
Thank you for supporting secure open-source development 🙏