Below is a table of currently supported versions receiving security updates:
| Version | Supported | End of Support |
|---|---|---|
| 2.1.x | ✅ | December 2024 |
| 2.0.x | ✅ | June 2024 |
| 1.9.x | ✅ | March 2024 |
| < 1.9 | ❌ | Ended |
TheraBot implements the following security measures:

- **Authentication & Authorization**
  - Multi-factor authentication (MFA)
  - Role-based access control (RBAC)
  - JWT token management
  - Session security
- **Network Security**
  - TLS 1.3
  - HTTPS enforcement
  - HSTS preloading
  - DDoS protection
- **Application Security**
  - Input validation
  - Output encoding
  - CSRF protection
  - XSS prevention
  - SQL injection prevention
- **Data Security**
  - End-to-end encryption
  - At-rest encryption
  - Secure key management
  - Regular backups
We take security vulnerabilities seriously. If you discover a security issue, please follow these steps:

1. Do not disclose the vulnerability publicly.
2. Email our security team at security@therabot.com.
3. Include detailed information:
   - Description of the vulnerability
   - Steps to reproduce
   - Potential impact
   - Any suggested fixes

Expected response timeline:
| Stage | Time Frame |
|---|---|
| Initial Response | 24 hours |
| Issue Assessment | 72 hours |
| Security Patch | 1-2 weeks |
| Public Disclosure | After patch release |
We conduct regular security audits:

- Monthly automated scans
- Quarterly manual code reviews
- Annual penetration testing
- Continuous dependency monitoring

Reported vulnerabilities are handled in the following steps:

1. Acknowledge receipt within 24 hours
2. Assign a security team member
3. Reproduce the vulnerability
4. Assess impact and scope
5. Determine the root cause
6. Develop and test a fix
7. Deploy to staging
8. Conduct regression testing
9. Release a security advisory
10. Update documentation
11. Credit the reporter (if desired)
We recognize security researchers who have responsibly disclosed vulnerabilities:
| Researcher | Vulnerability | Date |
|---|---|---|
| @securityhero | OAuth2 Flow Bypass | 2024-01 |
| @ethicalhacker | XSS in Chat | 2023-12 |
| @whitehacker | CSRF Prevention | 2023-11 |
## Document History
| Version | Date | Changes |
|---|---|---|
| 2.1 | 2024-01-15 | Added MFA requirements |
| 2.0 | 2023-12-01 | Major security policy update |
| 1.9 | 2023-09-15 | Initial public release |
Last updated: 2024-01-15