Security updates currently supported versions of the project.
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| 0.9.x | ✅ |
| 0.8.x | ❌ |
| < 0.8 | ❌ |
We take the security of FRED API Wrapper seriously. If you have discovered a security vulnerability in our project, please follow these steps to report it:
- Do Not disclose the vulnerability publicly until our team has addressed it.
- Email your findings to [security-email@chaniyk.io]. Please keep your email using our PGP key to ensure the report is safe.
- Provide as much information as possible about the vulnerability:
- The steps to reproduce the issue
- The affected versions
- Any potential impacts of the vulnerability
Our security team will acknowledge your email within 48 hours and send a more detailed response within 5 days, letting us know the next steps in handling your report.
When we receive a security bug report, we will:
- Confirm the problem and determine the affected versions.
- Audit code to find any potential similar problems.
- Prepare fixes for all supported versions.
- Release new versions and patches as soon as possible.
If you have suggestions on improving this process, please submit a pull request or open an issue to discuss.
This security policy applies to the core FRED API Wrapper project. If you find vulnerabilities in the FRED API, please report them directly to the Federal Reserve Bank of St. Louis.
When using the FRED API Wrapper:
- Keep your API key confidential. Never commit it to version control or share it publicly.
- Use environment variables or secure secret management solutions to store your API key.
- Regularly update to the latest version of the wrapper to ensure you have the latest security patches.
- Be cautious when handling and storing data retrieved from the API, especially if it contains sensitive economic information.
The FRED API Wrapper includes several security features:
- API Key Verification: The wrapper includes a mechanism to verify the integrity of the API key.
- HTTPS: All communications with the FRED API are done over HTTPS.
- Input Validation: The wrapper validates input to prevent injection attacks.
Remember, while we strive to make the FRED API Wrapper secure, it's crucial to implement your own security measures in any application using this wrapper.