We actively support the following versions of WPFBase with security updates:

| Version | Supported |
|---|---|
| 1.x.x | ✅ |

We take security seriously. If you discover a security vulnerability in WPFBase, please report it responsibly.
- Do NOT create a public GitHub issue for security vulnerabilities
- Email us directly at: [[email protected]] (replace with your email)
- Use our private vulnerability disclosure process
Please include the following information:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested fix (if you have one)
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Fix Timeline: Within 30 days for critical issues
When using WPFBase:
- Keep Dependencies Updated
  - Regularly update NuGet packages
  - Monitor for security advisories
- Input Validation
  - Always validate user input
  - Use the built-in validation features
- Configuration Security
  - Don't commit secrets to version control
  - Use secure configuration management
  - Review appsettings.json for sensitive data
- Logging Security
  - Don't log sensitive information
  - Review log outputs for data leaks
  - Use appropriate log levels
- Serialization: Be cautious when deserializing untrusted data
- File Operations: Validate file paths to prevent directory traversal
- Network Operations: Use HTTPS for all external communications
- User Permissions: Follow the principle of least privilege
Security updates will be:
- Released as patch versions (e.g., 1.0.1)
- Announced in release notes
- Tagged with security advisory labels
- Communicated through GitHub Security Advisories
We appreciate security researchers and users who help keep WPFBase secure by responsibly disclosing vulnerabilities.
For security-related questions or concerns:
- Security Email: [[email protected]] (replace with your email)
- General Contact: GitHub Issues (for non-security questions)
Thank you for helping keep WPFBase and the community safe!