| Version | Supported |
|---|---|
| 6.x | β Yes |
| 5.x | |
| < 5.0 | β No |
We take security seriously. If you discover a security vulnerability, please follow these steps:
- β Open a public GitHub issue
- β Post about it on social media
- β Share details publicly before it's fixed
- Email us directly at:
security@astroalpha.dev(or contact via Facebook) - Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
- π¬ Acknowledgment within 48 hours
- π Initial assessment within 1 week
- π οΈ Fix timeline communicated based on severity
- π Credit given in release notes (if desired)
When deploying CLIProxy Dashboard:
- Always use a strong
secret-keyin yourconfig.yaml - Never expose port 8317 directly to the internet without authentication
- Use HTTPS in production (via reverse proxy like Nginx/Caddy)
- Regularly update to the latest version
- Limit access to the management dashboard to trusted IPs
We follow a 90-day disclosure policy:
- After a vulnerability is reported, we have 90 days to release a fix
- After the fix is released, we will publish a security advisory
Thank you for helping keep CLIProxy Dashboard secure! π