Currently supported versions with security updates:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
If you discover a security vulnerability, please report it by:
- DO NOT open a public issue
- Email: marmiksoni777@gmail.com
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
You should receive a response within 48 hours. We will investigate and patch critical vulnerabilities as quickly as possible.
When deploying PushFlow:
- Never commit
.envfiles with real credentials - Use environment variables for sensitive data
- Enable HTTPS in production
- Configure MongoDB network access restrictions
- Rotate VAPID keys if compromised
- Keep dependencies updated:
pnpm update - Review rate limiting settings for your use case