Skip to content

Security: mocasus/Auto-FreeCF

Security

SECURITY.md

Security Policy

πŸ”’ Supported Versions

Version Supported
3.3.x βœ… Yes
< 3.0 ❌ No

πŸ› Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

How to Report

DO:

  • πŸ“§ Email: andikastore.ads@gmail.com
  • πŸ”’ Provide detailed information about the vulnerability
  • πŸ“ Include steps to reproduce if possible
  • ⏰ Allow reasonable time for us to address the issue before public disclosure

DON'T:

  • ❌ Do NOT open a public GitHub issue for security vulnerabilities
  • ❌ Do NOT exploit the vulnerability
  • ❌ Do NOT share the vulnerability details publicly before it's fixed

What to Expect

  • Initial Response: Within 48 hours
  • Status Update: Within 7 days
  • Resolution Target: Within 30 days
  • Public Disclosure: After fix is released and users have had time to update

Security Best Practices

When using Auto-FreeCF:

  1. Never share your credentials - Keep your Cloudflare and Google account credentials secure
  2. Use strong passwords - Always use unique, strong passwords for your accounts
  3. Enable 2FA - Enable two-factor authentication on your Cloudflare and Google accounts
  4. Review permissions - Only grant the minimum necessary permissions
  5. Keep updated - Always use the latest version of Auto-FreeCF
  6. Monitor accounts - Regularly check your accounts for unauthorized activity

Scope

Security vulnerabilities in:

  • Authentication bypass
  • Credential handling
  • Data exposure
  • Token generation
  • Browser automation exploits
  • Dependency vulnerabilities

Out of Scope

  • Cloudflare service issues
  • Google account issues
  • Third-party service outages
  • User error or misconfiguration

Thank you for helping keep Auto-FreeCF secure! πŸ›‘οΈ

There aren't any published security advisories