We release patches for security vulnerabilities. Currently supported versions:
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
We take the security of BuySmart seriously. If you believe you have found a security vulnerability, please report it to us as described below.
- Open a public GitHub issue for security vulnerabilities
- Disclose the vulnerability publicly before it has been addressed
-
Email us at [your-security-email@example.com] with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
-
Allow time for us to respond (we aim for 48 hours)
-
Work with us to understand and resolve the issue
- Never commit API keys to version control
- Store keys in
.envfiles (already in.gitignore) - Rotate keys regularly
- Use environment-specific keys (dev vs production)
- Use HTTPS for all production deployments
- Keep Docker images updated
- Implement rate limiting on public endpoints
- Use strong secrets for SearXNG and other services
- Regularly update dependencies
- Only install from official sources (Chrome Web Store)
- Review permissions requested by the extension
- Keep the extension updated
- Report suspicious behavior immediately
- API keys are stored in environment variables
- Never expose
.envfiles publicly - Backend validates and sanitizes all inputs
- Respects robots.txt when possible
- Implements rate limiting to avoid overwhelming sites
- Uses legitimate user agents
- No user data is stored permanently
- Product searches are not logged with personal information
- All API calls are made server-side (not from user's browser)
Security updates will be released as soon as possible after a vulnerability is confirmed. Users will be notified through:
- GitHub Security Advisories
- Release notes
- README updates
- Security issues are disclosed after a fix is available
- We credit researchers who report vulnerabilities (unless they prefer to remain anonymous)
- We maintain a security changelog
For security concerns, please contact: [your-security-email@example.com]
For general questions, use GitHub Issues.
Thank you for helping keep BuySmart and its users safe!