PHCDevworks applies security fixes to the current release line of this gem.
Please use the latest published version of ruby_api_pack_cloudways whenever
possible.
Do not open a public issue for security problems.
Use GitHub Security Advisories for this repository whenever possible. If that is not available, contact the maintainers through GitHub.
Include:
- A clear description of the issue and its impact
- Steps to reproduce or a proof of concept
- Affected versions, if known
- Any suggested mitigation
- We aim to acknowledge reports within 48 hours.
- We aim to provide an initial assessment within 5 business days.
- We will coordinate disclosure timing with the reporter when possible.
- Store Cloudways API keys in Rails credentials, environment variables, or a secure deployment secret manager.
- Do not commit Cloudways API keys, OAuth access tokens, production account identifiers, live server identifiers, or raw production API responses.
- Keep Ruby, Bundler, HTTParty, Oj, and test dependencies up to date.
- Review automated dependency updates and advisories before release.
- Avoid enabling HTTP debug output in production logs when it could expose request or response material.
- Use WebMock or VCR with sanitized fixtures for tests.
For non-sensitive security questions, open an issue or discussion in this repository.