We actively support the following versions of ManaTuner Pro with security updates:
| Version | Supported |
|---|---|
| 2.0.x | Yes |
| 1.5.x | Yes |
| 1.4.x | No |
| < 1.4 | No |
We take security vulnerabilities seriously. If you discover a security vulnerability in ManaTuner Pro, please follow these steps:
- Never report security vulnerabilities through public GitHub issues
- Never discuss vulnerabilities in public forums or social media
- Email: Send details to security@manatuner-pro.com (if available)
- GitHub: Use GitHub Security Advisories (preferred)
- Subject: Include "SECURITY VULNERABILITY" in the subject line
- Description: Clear description of the vulnerability
- Impact: Potential impact and severity assessment
- Reproduction: Step-by-step instructions to reproduce
- Environment: Browser, OS, version information
- Proof of Concept: If applicable (no exploitation)
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 7 days
- Fix Timeline: Depends on severity (see below)
- Public Disclosure: After fix is deployed
- Remote code execution
- Authentication bypass
- Data breach potential
- Privilege escalation
- Cross-site scripting (XSS)
- SQL injection
- Unauthorized data access
- Denial of service
- Information disclosure
- Cross-site request forgery (CSRF)
- Insecure direct object references
- Security misconfigurations
- Security headers missing
- Weak cryptography
- Information leakage
- Minor security improvements
- Content Security Policy (CSP): Strict CSP headers implemented
- XSS Protection: Input sanitization and output encoding
- HTTPS Only: All communications encrypted
- Secure Cookies: HttpOnly and Secure flags
- Dependency Scanning: Regular security audits
- Authentication: Secure authentication mechanisms
- Authorization: Proper access controls
- Input Validation: Server-side validation for all inputs
- Rate Limiting: API rate limiting and abuse prevention
- Logging: Security event logging and monitoring
- Vercel Security: Leveraging Vercel's security features
- Environment Variables: Secure secret management
- Regular Updates: Dependencies updated regularly
- Monitoring: Security monitoring and alerting
- Keep Updated: Always use the latest version
- Secure Environment: Use updated browsers and operating systems
- Report Issues: Report suspicious behavior immediately
- Privacy: Be cautious with sensitive deck information
- Code Review: All code changes reviewed for security
- Dependencies: Use only trusted dependencies
- Secrets: Never commit secrets or API keys
- Testing: Include security testing in development
- Input validation on all user inputs
- Output encoding to prevent XSS
- Secure authentication implementation
- Proper error handling (no information leakage)
- Dependency vulnerability scanning
- Security headers implementation
- HTTPS enforced everywhere
- Secure environment variable management
- CSP headers configured
- Security monitoring enabled
- Regular security updates scheduled
- Dependabot: Automated dependency updates
- CodeQL: Static code analysis
- Secret Scanning: Automatic secret detection
- Security Advisories: Vulnerability notifications
- Security Scans: Automated security scanning in CI/CD
- Dependency Audits: Regular npm audit checks
- SAST: Static Application Security Testing
- Container Scanning: If using containerization
- GitHub Security: Security Advisories
- Email: security@manatuner-pro.com (if available)
- Guillaume Bordes - Project Maintainer
- Security Team - External security consultants (if applicable)
We appreciate security researchers who help improve ManaTuner Pro's security:
Security researchers who have responsibly disclosed vulnerabilities will be listed here with their permission.
- Public acknowledgment in release notes
- Recognition in security advisories
- Contributor status in the project
- npm audit
- Snyk - Vulnerability scanning
- GitHub Security
Last Updated: June 22, 2025
Version: 2.0.0
Thank you for helping keep ManaTuner Pro secure!