If you discover a security vulnerability in Mycel, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please email: franz.benthin.dev@gmail.com
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if you have one)
- Acknowledgment: Within 48 hours
- Assessment: Within 1 week
- Fix: Depends on severity, but we aim for:
- Critical: 7 days
- High: 14 days
- Medium: 30 days
- Low: 90 days
| Version | Supported |
|---|---|
| Latest | Yes |
| Older | No |
- Never expose your
.envfile or GCP credentials - Use IAM roles with minimal permissions for the Cloud Run service account
- Enable audit logging in your GCP project
- Keep dependencies up to date