| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
If you discover a security vulnerability within Spends Tracker, please report it by:
- Email: Send details to oss@mailite.com
- GitHub: Create a private security advisory via GitHub (preferred method)
All security vulnerabilities will be promptly addressed.
Please include:
- Description of the vulnerability
- Steps to reproduce
- Possible impact
- Suggested fix (if any)
- Keep your instance updated - Always run the latest version
- Use strong passwords - If authentication is enabled
- Secure your database - Don't expose PostgreSQL to the internet (bind it to localhost or a private network); for SQLite, keep the database file outside the web root with file permissions that only the application user can read
- HTTPS in production - Use HTTPS when deploying to production
- Regular backups - Backup your database and uploaded files
- Run behind a reverse proxy (nginx/Apache)
- Use environment variables for sensitive configuration
- Enable CORS only for trusted origins
- Keep dependencies updated (`npm audit`, `pip list --outdated`)
- This is a personal finance tool - not designed for multi-user scenarios without additional authentication
- File uploads should be limited by size and type in production
- Rate limiting should be implemented for public deployments
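The deployment notes above (HTTPS, reverse proxy, upload size limit, rate limiting) fit naturally in one reverse-proxy configuration. The following nginx server block is an added example and not a file shipped with Spends Tracker; it assumes the application listens on `127.0.0.1:8000`, the hostname `spends.example.com`, and certificates issued under `/etc/letsencrypt`. Adjust those values to your own deployment.

```nginx
# Added example (not part of the Spends Tracker repository).
# Assumptions: app on 127.0.0.1:8000, hostname spends.example.com,
# Let's Encrypt certificate paths. Change all three for your setup.

# Rate-limit state keyed by client IP: 10 requests/second per client,
# 10 MB of shared memory for tracking clients.
limit_req_zone $binary_remote_addr zone=spends:10m rate=10r/s;

# Plain HTTP only redirects to HTTPS; nothing is served over port 80.
server {
    listen 80;
    server_name spends.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name spends.example.com;

    ssl_certificate     /etc/letsencrypt/live/spends.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/spends.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Tell browsers to stay on HTTPS for a year.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Reject request bodies (uploads) larger than 5 MB with 413,
    # before they ever reach the application.
    client_max_body_size 5m;

    location / {
        # Allow short bursts of 20 requests, then apply the 10r/s limit;
        # excess requests get 503 instead of queuing.
        limit_req zone=spends burst=20 nodelay;

        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Validate with `nginx -t` before reloading. Because the application only listens on the loopback address, the database and the app itself are never reachable directly from the internet; only the proxy is. The upload cap here is a coarse size limit at the edge; type checking of uploaded files still has to happen in the application.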
We appreciate responsible disclosure of security issues. Thank you for helping keep Spends Tracker secure!