Skip to content

Latest commit

 

History

History
15 lines (8 loc) · 1.08 KB

SECURITY.md

File metadata and controls

15 lines (8 loc) · 1.08 KB

Security Policy

The security of the apps maintained by RMUIF is incredibly essential. The code written for RMUIF is in production and secured primarily through Firebase Security Rules.

We offer only the rules necessary for the base app to function securely. Any custom features need to be covered by your own rules.

Supported versions

Previous versions of RMUIF apps supported updates via an upstream repository. With v3.0 and the move to Create React App templates, this is no longer possible. However, all apps using RMUIF, regardless of version, is supported with notifications on security updates.

Projects maintained by RMUIF use Dependabot to keep packages updated. We suggest you do the same for your project. It is easy to set up, and updates come in as pull requests. You also get notifications of vulnerabilities in packages you’re using.

Reporting a vulnerability

If you think you have discovered a security vulnerability in the base app, do not hesitate to contact [email protected]. Depending on the severity, it might be best to keep it from the public.