The following versions of the DSA Study Hub are currently being supported with security updates:

We maintain transparency regarding security improvements. The following vulnerabilities have been addressed in recent updates:

We take the security of DSA Study Hub seriously. If you believe you have found a security vulnerability, please report it to us as described below.

Please report security vulnerabilities by opening a new issue in the GitHub repository.

• Do not disclose the vulnerability publicly until it has been addressed.
• Provide as much detail as possible to help us reproduce and fix the issue.

We will investigate all legitimate reports and do our best to quickly fix the problem.

We aim to acknowledge receipt of vulnerability reports within 48 hours. We strive to provide regular status updates during the investigation and remediation process.

We follow a coordinated disclosure policy:

• Please do not share vulnerability details publicly until we have released a fix.
• We request a 90-day embargo period for vulnerabilities (or until a fix is released, whichever is sooner) to give us time to address the issue.

The following assets are in scope for security testing:

• The DSA Study Hub web application
• The public API endpoints (if applicable)
• Source code in this repository

The following activities are out of scope:

• Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks
• Social engineering (phishing, vishing, etc.) against project maintainers or users
• Physical security attacks against our infrastructure providers

We consider security research conducted in accordance with this policy to be authorized. We will not take legal action against researchers who:

• Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service.
• Only interact with accounts they own or with explicit permission from the account holder.
• Report any vulnerabilities they discover to us promptly.