If you discover a security vulnerability in GatePay, please report it responsibly.
Option 1: Open a GitHub Security Advisory (recommended)
Option 2: Create a private issue with [SECURITY] prefix in the title
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |
When using GatePay:

```php
// ✅ Use environment variables for credentials
$apiKey = getenv('GATEWAY_API_KEY');

// ✅ Always use HTTPS in production
$gateway->setEndpoint('https://api.example.com');

// ✅ Don't log sensitive data
$logger->info('Transaction processed', ['id' => $txnId]);
// NOT: $logger->info('Card: ' . $cardNumber);
// NEVER: $logger->info('KEY: ' . $apiKey);
```

Before submitting code:
- No hardcoded credentials
- Validate user inputs
- No sensitive data in error messages or logs
- Keep dependencies updated
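
One way to back up the logging guidance and the "no sensitive data in error messages or logs" item is to redact log context before it reaches the logger. This is an added example, not part of GatePay: the function names `luhnValid`, `maskPans` and `redactContext` are hypothetical, and the sample context is constructed.

```php
<?php
declare(strict_types=1);

// Added example, not GatePay code; all function names are hypothetical.

/** Luhn check, so ordinary long numbers (order ids) are not masked. */
function luhnValid(string $digits): bool
{
    $sum = 0;
    for ($i = strlen($digits) - 1, $double = false; $i >= 0; $i--, $double = !$double) {
        $d = (int) $digits[$i] * ($double ? 2 : 1);
        $sum += $d > 9 ? $d - 9 : $d;
    }
    return $sum % 10 === 0;
}

/** Mask 13-19 digit runs (optional space/dash separators) that pass Luhn. */
function maskPans(string $text): string
{
    $masked = preg_replace_callback('/\b\d(?:[ -]?\d){12,18}\b/', function (array $m): string {
        $digits = (string) preg_replace('/\D/', '', $m[0]);
        return luhnValid($digits) ? '[PAN ****' . substr($digits, -4) . ']' : $m[0];
    }, $text);
    return $masked ?? '[REDACTED]'; // fail closed if the regex engine errors
}

/** Redact a log context: blank values under sensitive keys, mask PANs in other strings. */
function redactContext(array $context): array
{
    $sensitive = '/api[_-]?key|secret|token|password|card|cvv|cvc|pan/i';
    foreach ($context as $key => $value) {
        if (is_string($key) && preg_match($sensitive, $key) === 1) {
            $context[$key] = '[REDACTED]';
        } elseif (is_array($value)) {
            $context[$key] = redactContext($value);
        } elseif (is_string($value)) {
            $context[$key] = maskPans($value);
        }
    }
    return $context;
}

// Constructed sample input; 4111 1111 1111 1111 is a widely used test card number.
$context = [
    'id'      => 'txn_1001',
    'note'    => 'customer typed 4111 1111 1111 1111 into the memo field',
    'gateway' => ['api_key' => 'constructed-sample-key', 'endpoint' => 'https://api.example.com'],
];
echo json_encode(redactContext($context), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), PHP_EOL;
```

Pass the context array through `redactContext()` before every logger call. The pattern masking is a backstop for values that slip into free-text fields, not a replacement for keeping card data and keys out of log calls.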
Thanks for helping keep GatePay secure! 🙏