We provide security updates for the following versions of Volley CLI:

| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |

We take security vulnerabilities seriously. If you discover a security vulnerability, please follow these steps:

- Do NOT open a public GitHub issue
- Email us directly at security@volleyhooks.com
- Include the following information:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if you have one)
- We will acknowledge receipt of your report within 48 hours
- We will provide a detailed response within 7 days
- We will keep you informed of the progress toward fixing the vulnerability
- We will notify you when the vulnerability has been fixed
- We will credit you for the discovery (unless you prefer to remain anonymous)
- We will coordinate with you on the disclosure timeline
- We will not disclose the vulnerability publicly until a fix is available

When using Volley CLI:

- Keep it updated: Always use the latest version of Volley CLI
- Secure your credentials: Never commit your Volley API tokens or credentials
- Use HTTPS: Always use HTTPS endpoints when forwarding webhooks
- Validate webhooks: Verify webhook signatures when possible
- Review permissions: Only grant necessary permissions to your Volley account

Volley CLI includes the following security features:

- Secure credential storage (encrypted local storage)
- HTTPS-only API communication
- No credential logging
- Token-based authentication

Thank you for helping keep Volley CLI secure! 🔒