If you discover a security vulnerability in Mission Control, please report it responsibly.
Do not open a public issue. Instead, email security@builderz.dev with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will acknowledge receipt within 48 hours and aim to provide a fix or mitigation within 7 days for critical issues.
| Version | Supported |
|---|---|
latest main |
Yes |
| older releases | Best effort |
Mission Control handles authentication credentials and API keys. When deploying:
- Always set strong values for
AUTH_PASSandAPI_KEY. - Use
MC_ALLOWED_HOSTSto restrict network access in production. - Keep
.envfiles out of version control (already in.gitignore). - Enable
MC_COOKIE_SECURE=truewhen serving over HTTPS. - Review the Environment Variables section for all security-relevant configuration.