Please do not report security vulnerabilities through public GitHub issues.
Instead:
- Prepare a detailed report.
- Include steps to reproduce.
- Describe the potential impact.
- Include affected versions.
Security reports should be sent privately to the maintainers.
After receiving a report, we will:
- Acknowledge the report.
- Investigate the issue.
- Develop and test a fix.
- Release a patch when appropriate.
- Publicly disclose the issue after remediation.
This policy covers:
- Authentication
- Authorization
- OAuth integrations
- Credential storage
- Workflow execution
- API endpoints
- Webhook processing
- Data encryption
Thank you for helping keep AutoFlow secure.