If you discover a security vulnerability in AAPP-MART, please report it responsibly.
Preferred method:
- Open a private GitHub Security Advisory
Please do not disclose security issues publicly until a fix or mitigation has been released.
- Initial response: within 72 hours
- Fix or mitigation: as soon as reasonably possible
- Coordinated disclosure will be handled in collaboration with the reporter
Security updates are provided only for the latest stable release of AAPP-MART.
Older versions may not receive security fixes.
This project does not provide exploit code.
Valid reports include:
- Code-level security weaknesses
- Dependency vulnerabilities
- Logic flaws affecting security
- Configuration or deployment misconfigurations
Out of scope:
- Social engineering
- Denial-of-service via unrealistic traffic
- Issues requiring physical access
We appreciate responsible disclosure and will acknowledge reporters when appropriate.