| Version | Supported |
|---|---|
| 1.0.x | ✅ |
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them via:
- GitHub Security Advisories: use the "Report a vulnerability" button on the repository's Security tab
- Email: security@hvaclab.ru (if available)
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
You will receive a response within 48 hours.
When using this project:
- Never commit `.env` files with real credentials
- Use strong passwords for Keycloak secrets
- Keep dependencies updated and check for new releases
- Review ModSecurity logs regularly
- Enable auto-update for GeoIP in production
- Use Let's Encrypt for production SSL certificates
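The first item above is the one most often broken by accident, because a `.env` file that is untracked today gets added with `git add .` tomorrow. The hook below is an added example (it is not part of this project) that refuses to commit files named `.env` or `.env.*` while still allowing secret-free templates; the template names `.env.example`, `.env.sample` and `.env.template` are assumptions, not names this project defines.

```shell
#!/bin/sh
# Added example: a git pre-commit hook that blocks environment files.
# Assumption (not from the project): .env.example, .env.sample and
# .env.template are credential-free templates and may be committed;
# anything else named .env or .env.* is treated as holding real secrets.

# Return 0 (true) when the path names an env file that must not be committed.
is_forbidden_path() {
    base=$(basename "$1")
    case "$base" in
        .env.example|.env.sample|.env.template) return 1 ;;  # templates are fine
        .env|.env.*) return 0 ;;                            # real env files are blocked
        *) return 1 ;;
    esac
}

# Check every path given as an argument; report offenders on stderr and
# return 1 if at least one forbidden file is present, 0 otherwise.
check_paths() {
    rc=0
    for p in "$@"; do
        if is_forbidden_path "$p"; then
            echo "blocked: $p looks like an environment file with credentials" >&2
            rc=1
        fi
    done
    return $rc
}

# When installed as .git/hooks/pre-commit, inspect the staged file names
# (added, copied or renamed) and abort the commit if any is forbidden.
if [ "${0##*/}" = "pre-commit" ]; then
    set -- $(git diff --cached --name-only --diff-filter=ACR)
    if ! check_paths "$@"; then
        echo "commit aborted: add the file to .gitignore or unstage it" >&2
        exit 1
    fi
fi
```

Install it by copying the script to `.git/hooks/pre-commit` and making it executable; pair it with a `.gitignore` entry for `.env` and `.env.*` so the file is never staged in the first place, and rotate any Keycloak secret that does reach a remote, since removing the commit afterwards does not un-leak it.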
This project includes:
- ModSecurity WAF with OWASP CRS 4.x
- Fail2Ban for brute-force protection
- TLS 1.2/1.3 only (no legacy protocols)
- Security headers (HSTS, CSP, etc.)
- Rate limiting