The Event Management System (EMS) project currently supports the latest release and the main branch for security updates. Older versions may not receive security patches.

We take security seriously and appreciate your efforts to responsibly disclose vulnerabilities. If you discover a security issue in EMS, please follow these steps:

1. Do Not Disclose Publicly:

   • Avoid posting vulnerabilities in public forums, GitHub issues, or social media until they are resolved.

2. Contact Us Privately:

   • Email [email protected] with the following details:
     • A description of the vulnerability.
     • Steps to reproduce the issue.
     • Potential impact (e.g., data exposure, unauthorized access).
     • Any suggested fixes (optional).
   • Use the subject line: [EMS Security] Vulnerability Report.

3. Response Process:

   • We will acknowledge your email within 48 hours.
   • Our team will investigate and prioritize the issue.
   • We will work with you to validate the vulnerability and develop a fix.
   • Once resolved, we will release a security update and credit you (if desired) in the release notes.

4. Timeline:

   • We aim to resolve critical vulnerabilities within 30 days.
   • Less severe issues may take longer, depending on complexity.
   • We will keep you informed throughout the process.

To enhance security when using EMS:

• Keep PHP, your web server, and database software up to date.
• Use strong, unique passwords for admin accounts.
• Enable HTTPS on your server.
• Regularly back up your database and application files.
• Monitor logs for suspicious activity.
• Restrict file permissions for sensitive directories (uploads/, cache/).

• No known vulnerabilities at this time. Check GitHub Issues for updates.

For security-related inquiries, contact:

• Email: [email protected]
• GitHub: @VoxDroid

Thank you for helping keep EMS secure!