| Version | Supported |
|---|---|
| 1.0.x | ✅ |

We take the security of PayloadCMS + Typesense Plugin seriously. If you believe you have found a security vulnerability, please report it to us by following these steps:
- DO NOT create a public GitHub issue for the vulnerability.
- Contact us directly at one of the following:
  - X: @rubixvi
  - Email: Contact Form
  - Facebook: rubixvi
Please include the following details in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any possible mitigations
- Version of PayloadCMS + Typesense Plugin affected
- We will acknowledge receipt of your vulnerability report within 48 hours.
- Our security team will investigate and validate the issue.
- We will keep you informed about the progress of fixing the vulnerability.
- Once fixed, we will notify you and publish a security advisory if necessary.
- Security patches are given the highest priority
- Updates will be released as soon as possible after a vulnerability is confirmed
- If a critical vulnerability is found, we will release a patch version immediately
When using PayloadCMS + Typesense Plugin in production:
- Keep all dependencies up to date
- Use secure environment variables for sensitive data
- Regularly backup your database
- Monitor your application logs for suspicious activity
- Follow security best practices for Next.js and MongoDB deployments
- Implement proper authentication and authorization
We continuously monitor our codebase for security issues through:
- Automated dependency scanning
- Regular code reviews
- Third-party security audits
- Community reports
- We follow responsible disclosure practices
- Security issues will be announced via our changelog and security advisories
- Credit will be given to security researchers who report valid vulnerabilities
For any security-related questions, contact:
Rubix Studios Pty. Ltd.
Website: https://rubixstudios.com.au