Files
cgalo5758 cbd08b45aa Add project front-door documentation
Rewrite the README around purpose, architecture, quickstart, and
status. Add contributing/security policies plus a docs index with
audience front matter across existing docs.
2026-07-01 04:18:08 -05:00

1.8 KiB

Security Policy

Supported versions

member-console is pre-production and under active development. Security fixes are applied to the main branch only; there are no separately maintained release branches yet.

Reporting a vulnerability

Please do not report security vulnerabilities through public issues, pull requests, or discussions.

Instead, report them privately so we can assess and fix the issue before it is publicly disclosed.

  • Preferred: email security@wiki.cafe (placeholder — confirm the real address) with a description of the issue and, if possible, steps to reproduce.
  • Alternatively, contact the maintainers privately through git.coopcloud.tech/wiki-cafe.

Please include:

  • a description of the vulnerability and its potential impact,
  • steps to reproduce or a proof of concept,
  • any affected versions, configuration, or components (for example, the operator panel, the Stripe webhook pipeline, or a provider integration).

What to expect

  • We will acknowledge your report as soon as we are able.
  • We will investigate, keep you informed of progress, and let you know when a fix is available.
  • We will credit reporters who wish to be named once a fix has shipped, unless you prefer to remain anonymous.

Scope

Because this is a self-hostable application, some risk depends on how a given deployment is configured. Reports that involve the code in this repository — the member console, its operator/member surfaces, its webhook and workflow processing, or the provider-extension contract — are in scope. The test stack under test/ ships with deliberately non-secret development credentials; those are not vulnerabilities.