| Version | Supported |
|---|---|
| latest | ✅ |
If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public GitHub issue
- Send an email to security@liquidterminal.xyz with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix timeline: Depends on severity
- Critical: 24-48 hours
- High: 1 week
- Medium: 2 weeks
- Low: Next release
- Backend API (this repository)
- Authentication and authorization
- Data integrity and privacy
- Rate limiting and denial of service
- Issues in third-party dependencies (report to the dependency maintainer)
- Social engineering attacks
- Denial of service via legitimate API usage within rate limits
We appreciate responsible disclosure and will credit reporters (with permission) in our release notes.