Ceres is currently in early development (pre-v1.0). Security updates will be provided for the latest development version.

| Version | Supported |
|---|---|
| main | ✅ |

If you discover a security vulnerability in Ceres, please report it privately:
- Do not open a public issue
- Email the maintainers or use GitHub's private vulnerability reporting
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)

We will respond within 48 hours and work with you to address the issue.

When using Ceres:
- API Keys: Never commit API keys or database credentials to version control
- Database: Use strong passwords for PostgreSQL and restrict network access
- Input Validation: Be cautious when harvesting from untrusted data portals
- Dependencies: Keep Rust dependencies updated with `cargo update`

Once a security issue is fixed, we will:
- Release a patch
- Publish a security advisory
- Credit the reporter (unless they prefer anonymity)