| Version | Supported |
|---|---|
| 1.x | ✅ |
| < 1.0 | ❌ |

We take security seriously. If you discover a security vulnerability in Ardo, please report it responsibly.

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please report them via email to:

security@sebastian-software.de

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Resolution Target: Within 30 days (depending on complexity)

- We will acknowledge your report within 48 hours
- We will investigate and keep you informed of our progress
- Once fixed, we will publicly disclose the vulnerability with credit to you (unless you prefer to remain anonymous)

When using Ardo in your projects:
- Keep Ardo and its dependencies up to date
- Review any custom MDX components for potential XSS vulnerabilities
- Use environment variables for sensitive configuration
- Follow the principle of least privilege for deployment

We appreciate the security research community and will acknowledge reporters in our release notes (with permission).

Thank you for helping keep Ardo and its users safe!