| Version | Supported |
|---|---|
| 1.0.x | β |
| < 1.0 | β |

We take security seriously. If you discover a security vulnerability, please follow these steps:
- DO NOT open a public issue
- DO NOT disclose the vulnerability publicly until it has been addressed
- Email: Send details to [sakshamguptaqaz@gamil.com]
- Subject: "Security Vulnerability Report - Event Registration Module"
- Include:
  - Type of vulnerability
  - Location in code where vulnerability exists
  - Steps to reproduce
  - Potential impact
  - Possible solutions (if any)
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 1 week
- Fix Timeline: Within 2-4 weeks (depending on severity)
- Public Disclosure: After patch release

| Level | Description | Response Time |
|---|---|---|
| Critical | Remote code execution, data breach | 24-48 hours |
| High | Privilege escalation, XSS | 1-2 weeks |
| Medium | Information disclosure | 2-4 weeks |
| Low | Minor issues | 1 month |
- Keep the module updated to the latest version
- Apply Drupal core security patches regularly
- Use strong passwords and proper user permissions
- Regularly backup your site
- Monitor access logs for suspicious activity
- Follow Drupal security guidelines
- Sanitize all user inputs
- Use Drupal's form API for validation
- Implement proper access controls
- Regular security code reviews
- SQL Injection
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Remote Code Execution
- Information Disclosure
- Authentication Bypass
- Privilege Escalation
- File Upload Vulnerabilities
- Session Hijacking
The following are typically not considered vulnerabilities:
- Denial of service via resource exhaustion
- Social engineering attacks
- Browser-side vulnerabilities not affecting our code
- Issues in third-party dependencies (unless exploitable through our code)
We appreciate responsible disclosure and will:
- Acknowledge your contribution in release notes
- Work with you to understand and fix the issue
- Provide updates on the fix progress
- Credit you in security advisories (if you wish)
For critical vulnerabilities requiring immediate attention:
- Email: sakshamguptativ@gamil.com
- Subject: "URGENT: Critical Security Issue"
This policy is reviewed quarterly and updated as needed. Last updated: February 2026.
Note: This security policy applies to the Event Registration Module. For Drupal core security issues, please contact the Drupal Security Team directly.