LearnDojoWorld is a startup-stage learning platform. Security issues should be handled privately and responsibly.
The main branch is the only supported production-ready line. Feature branches are active development and may change frequently.
Please do not open public GitHub issues for security vulnerabilities.
Send a private report to the project maintainer with:
- a clear description of the issue
- affected area or route
- reproduction steps
- expected impact
- screenshots or logs, if helpful
Contributors must avoid committing:
- .env files
- access tokens or API keys
- database credentials
- private certificates
- production secrets
- personal user data
Use .env.example files as templates only. Real secrets should remain local or inside trusted deployment secret managers.
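One way to enforce the list above locally is a Git pre-commit hook. This is an added example, not part of the LearnDojoWorld repository; the function names and the file patterns are assumptions, and it assumes the script is saved as .git/hooks/pre-commit.

```shell
#!/bin/sh
# Added example: pre-commit check for files that must not be committed.
# The pattern list is an assumption; adjust it to the repository.

# Return 0 when a path must not be committed, 1 when it is allowed.
is_forbidden_path() {
    name=${1##*/}                                  # strip directories
    case "$name" in
        .env.example|.env.*.example) return 1 ;;   # templates are allowed
        .env|.env.*|*.env)           return 0 ;;   # real environment files
        *.pem|*.key|*.p12|*.pfx)     return 0 ;;   # private certificates and keys
    esac
    return 1
}

# Return 0 when the text on stdin contains a PEM private key header.
has_private_key() {
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----'
}

# Read newline-separated paths on stdin; report offenders, return 1 if any.
check_paths() {
    rc=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if is_forbidden_path "$path"; then
            echo "blocked: $path" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Inspect the staged (added, copied, modified, renamed) files of this commit.
run_hook() {
    result=0
    staged=$(git diff --cached --name-only --diff-filter=ACMR)
    printf '%s\n' "$staged" | check_paths || result=1
    printf '%s\n' "$staged" | while IFS= read -r path; do
        [ -n "$path" ] || continue
        if git show ":$path" | has_private_key; then
            echo "blocked (private key material): $path" >&2
            exit 1
        fi
    done || result=1
    return "$result"
}

# Run the check only when Git invokes this file as the pre-commit hook.
case "$0" in */pre-commit) run_hook || exit 1 ;; esac
```

A local hook can be bypassed with git commit --no-verify, so it complements rather than replaces server-side secret scanning.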
Before production launch, verify:
- HTTPS is enforced
- authentication tokens are stored safely
- CORS allows only trusted origins
- database backups are configured
- rate limiting is enabled for auth-sensitive endpoints
- error responses do not leak secrets
- dependency alerts are monitored