| Version | Supported |
|---|---|
| 6.x | ✅ Yes |
| 5.x | |
| < 5.0 | ❌ No |
We take security seriously. If you discover a security vulnerability, please follow these steps:
- ❌ Open a public GitHub issue
- ❌ Post about it on social media
- ❌ Share details publicly before it's fixed
- Email us directly at:
security@astroalpha.dev(or contact via Facebook) - Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
- 📬 Acknowledgment within 48 hours
- 🔍 Initial assessment within 1 week
- 🛠️ Fix timeline communicated based on severity
- 🏆 Credit given in release notes (if desired)
When deploying CLIProxy Dashboard:
- Always use a strong
secret-keyin yourconfig.yaml - Never expose port 8317 directly to the internet without authentication
- Use HTTPS in production (via reverse proxy like Nginx/Caddy)
- Regularly update to the latest version
- Limit access to the management dashboard to trusted IPs
We follow a 90-day disclosure policy:
- After a vulnerability is reported, we have 90 days to release a fix
- After the fix is released, we will publish a security advisory
Thank you for helping keep CLIProxy Dashboard secure! 🙏