We take security seriously. The following versions of Koda are currently supported with security updates:
| Version | Supported |
|---|---|
| 1.x.x | β |
| < 1.0 | β |
If you discover a security vulnerability in Koda, please report it by emailing: security@koda.design
When reporting a security vulnerability, please include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact and severity
- Any suggested fixes or mitigations (optional)
- Your contact information for follow-up
After you submit a report, you can expect the following:
- Acknowledgment: We'll acknowledge receipt of your report within 48 hours
- Investigation: We'll investigate the issue and work on a fix
- Updates: We'll provide regular updates on our progress (at least weekly)
- Disclosure: Once fixed, we'll coordinate disclosure timing with you
- Resolution: We'll release a security update and publish details
We also recommend that Koda users:
- Keep your Koda installation up to date
- Use strong, unique passwords
- Enable two-factor authentication where available
- Regularly review access permissions
- Monitor for unusual activity
We kindly ask that you:
- Give us reasonable time to fix the issue before public disclosure
- Avoid accessing or modifying user data
- Don't perform DoS attacks or degrade service performance
- Don't spam our systems with automated vulnerability scanners
We currently do not have a formal bug bounty program, but we greatly appreciate security researchers who help keep our platform safe. Significant security contributions may be eligible for rewards at our discretion.
For security-related questions or concerns:
- Email: security@koda.design
- General inquiries: hello@koda.design
Thank you for helping keep Koda and our users safe! 🛡️