We release patches for security vulnerabilities in the following versions:

We take the security of the JetNet n8n nodes seriously. If you believe you have found a security vulnerability, please report it to us as described below.

• Open a public GitHub issue for security vulnerabilities
• Post about the vulnerability on social media or forums

• Email your findings to the maintainer (see package.json for contact)
• Include the following information:
  • Type of issue (e.g., credential exposure, API token leak, etc.)
  • Full paths of source file(s) related to the manifestation of the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue

• Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours
• Communication: We will keep you informed about the progress of addressing the vulnerability
• Fix Timeline: We aim to release a patch within 7-14 days, depending on complexity
• Credit: We will credit you for the discovery (unless you prefer to remain anonymous)

This package implements several security measures:

• All API credentials are handled through n8n's secure credential storage
• Tokens are never logged or exposed in error messages
• Sensitive data is automatically redacted from error outputs

• All error messages are sanitized to remove:
  • Bearer tokens
  • API tokens
  • Passwords
  • Email addresses in authentication context
  • URLs containing tokens

• All API requests use HTTPS
• Default timeout of 60 seconds prevents hanging requests
• Token caching includes automatic expiry handling

• All user inputs are validated before being sent to the API
• SQL injection and XSS attacks are prevented through proper parameterization

1. Credential Management:

   • Use n8n's built-in credential storage
   • Never hardcode credentials in workflows
   • Rotate API tokens regularly
   • Use environment-specific credentials

2. Workflow Security:

   • Limit access to workflows containing JetNet nodes
   • Review workflow permissions regularly
   • Audit workflow executions

3. Data Handling:

   • Be cautious when exposing aircraft/company data
   • Implement proper access controls
   • Consider data retention policies

We regularly update dependencies to patch known vulnerabilities. Run npm audit to check for vulnerabilities in dependencies.

For security concerns, please contact the maintainer directly rather than using public issue trackers.