The security of StarryBio is our top priority. We appreciate the efforts of security researchers and the community to help keep our project safe. If you discover a security vulnerability, we encourage you to report it to us privately following the guidelines below.
StarryBio is a template-based project rather than a versioned software package. Security updates and patches are applied directly to the main branch. We always support the latest version of the code available in the main repository.
| Version | Supported |
|---|---|
| Latest main branch | ✅ |
| All previous versions | ❌ |
Users are encouraged to pull the latest changes from the main branch to ensure they have the most secure and up-to-date version of the template.
Please do not report security vulnerabilities through public GitHub issues.
We prefer to receive vulnerability reports via GitHub's private reporting feature. This ensures the report is delivered directly to the maintainers securely.
- Navigate to the Security Tab on the StarryBio repository.
- Click on "Report a vulnerability".
- Fill out the form with as much detail as possible, following the template below.
If you are unable to use GitHub's private reporting for any reason, you may send your report via email to [email protected].
Whichever method you use, please include the following information to help us assess the issue as quickly as possible:
**Subject: Security Vulnerability in StarryBio**
**1. Description:**
[Please provide a clear and concise description of the vulnerability.]
**2. Steps to Reproduce:**
[Provide a step-by-step guide on how to reproduce the vulnerability. Include any specific configurations, links, or code snippets necessary.]
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error/vulnerability
**3. Impact:**
[Briefly describe the potential impact of this vulnerability. For example: "This could allow an attacker to perform cross-site scripting (XSS) by manipulating a link in the config file."]
**4. Supporting Material/PoC:**
[Include any screenshots, code snippets, or other proof-of-concept materials that can help us understand the issue.]
**5. Contact Information:**
[Please provide your name or alias for recognition, and any social media links if you wish to be credited (e.g., GitHub or Twitter profile).]

When you report a vulnerability to a9x Development, you can expect the following:
- Acknowledgement: We will provide an initial acknowledgement of your report within 48 hours.
- Initial Triage: We will conduct an initial assessment of the vulnerability's validity and severity within 5 business days.
- Communication: We will maintain an open line of communication with you, providing updates on our progress as we work to validate and patch the issue.
- Resolution: Once the vulnerability is confirmed, we will work to release a patch as quickly as possible. The timeline will depend on the complexity of the issue.
- Public Disclosure: After a patch has been released, we are open to coordinating a public disclosure of the vulnerability with you. We kindly ask that you refrain from sharing the issue publicly until we have had a chance to release a fix.
a9x Development values the work of security researchers and will make every effort to recognize your contribution after the vulnerability has been resolved. Thank you for helping to keep StarryBio secure.