Skip to content

Security: not-protocol/telegram-api-finder-bot

Security

SECURITY.md

πŸ” Security Policy

πŸ“’ Supported Versions

The following versions of Telegram API Finder Bot are currently supported with security updates:

Version Supported
v1.1 βœ… Yes
v1.0 ❌ No

🚨 Reporting a Vulnerability

If you discover a security vulnerability, please report it responsibly.

πŸ“¬ How to report:

  • Open a private issue (if available)
  • Or contact the maintainer directly (recommended)

⚠️ Please do NOT create a public issue for security vulnerabilities.


🧠 What to include in your report

To help us resolve issues quickly, include:

  • Description of the vulnerability
  • Steps to reproduce
  • Possible impact
  • Screenshots (if applicable)
  • Suggested fix (optional)

⏱️ Response Time

  • Initial response: within 48 hours
  • Fix timeline: depends on severity

πŸ” Security Best Practices (for users)

If you're running this bot:

  • Never expose your .env file
  • Keep your Telegram bot token private
  • Do not upload sensitive data to public repositories
  • Regularly update dependencies

πŸ›‘οΈ Scope

This security policy applies to:

  • Source code in this repository
  • Bot logic and API handling
  • Configuration files

⚑ Notes

This project is actively maintained. Security improvements and patches are released in supported versions only.


🀝 Responsible Disclosure

We appreciate responsible disclosure and will take all valid reports seriously.


There aren't any published security advisories