Security: lopatnov/pressmark

SECURITY.md

Security Policy

Supported Versions

Only the latest version of Pressmark (on the main branch) receives security updates.

Version   Supported
latest    yes
older     no

Reporting a Security Issue

Please do not open a public GitHub issue for security-sensitive findings.

Instead, contact the maintainer directly via LinkedIn with:

  1. A description of the issue and its potential impact
  2. Steps to reproduce (or a proof-of-concept, if applicable)
  3. Any suggested mitigation or fix

You can expect an initial response within 72 hours.

Disclosure Policy

  • The maintainer will confirm receipt and investigate the report
  • A fix will be prepared and released as soon as reasonably possible
  • Credit will be given in the release notes (unless you prefer to remain anonymous)
  • Public disclosure will be coordinated with the reporter

Scope

This policy covers the Pressmark application code in this repository. Third-party dependencies should be reported to their respective maintainers.

Best Practices for Self-Hosters

  • Change the default Jwt__Secret to a strong random value before deploying
  • Run behind HTTPS (terminate TLS at nginx or a reverse proxy)
  • Keep the Docker images and host OS up to date
  • Restrict the MSSQL port (1433) — it should not be exposed to the public internet
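The two configuration items in this list that are easy to get wrong silently (a JWT secret left at its default, and an MSSQL port published on all interfaces) can be checked before deploying. The script below is an added example, not Pressmark project code: it assumes the secret lives in a `.env` file as a plain `Jwt__Secret=value` line, that the database is published through the short `ports:` syntax of a `docker-compose.yml`, and it uses a placeholder for the default secret value, since this page does not state what the shipped default is.

```shell
#!/bin/sh
# Added example (not part of the Pressmark repository): pre-deployment checks
# for two of the self-hosting recommendations. File names, the placeholder
# default secret and the compose port syntax are assumptions, not page facts.

# Minimum accepted length for Jwt__Secret, in characters (assumption).
MIN_SECRET_LEN=32

# Placeholder standing in for whatever default the sample config ships with.
DEFAULT_SECRET_PLACEHOLDER="CHANGE_ME_DEFAULT_SECRET"

# check_jwt_secret ENVFILE
# Returns 0 when Jwt__Secret is set, differs from the placeholder default and
# is at least MIN_SECRET_LEN characters long; prints a reason and returns 1
# otherwise. Expects an unquoted KEY=value line.
check_jwt_secret() {
    envfile="$1"
    secret=$(grep -E '^Jwt__Secret=' "$envfile" 2>/dev/null | head -n 1 | cut -d= -f2-)
    if [ -z "$secret" ]; then
        echo "FAIL: Jwt__Secret is not set in $envfile"; return 1
    fi
    if [ "$secret" = "$DEFAULT_SECRET_PLACEHOLDER" ]; then
        echo "FAIL: Jwt__Secret still has the default value"; return 1
    fi
    if [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
        echo "FAIL: Jwt__Secret is shorter than $MIN_SECRET_LEN characters"; return 1
    fi
    echo "OK: Jwt__Secret is set to a non-default value of adequate length"
    return 0
}

# check_mssql_not_public COMPOSEFILE
# Returns 1 if any short-syntax port mapping publishes container port 1433
# without a loopback/private bind address, i.e. on all interfaces:
#   - "1433:1433", - "0.0.0.0:1433:1433", - "8433:1433", - "1433"
# A mapping such as - "127.0.0.1:1433:1433" passes. The long (target:/published:)
# syntax is not inspected, so review it by hand.
check_mssql_not_public() {
    composefile="$1"
    if [ ! -f "$composefile" ]; then
        echo "FAIL: $composefile not found"; return 1
    fi
    if grep -Eq '^[[:space:]]*-[[:space:]]*"?(0\.0\.0\.0:)?([0-9]+:)?1433(/tcp)?"?[[:space:]]*$' "$composefile"; then
        echo "FAIL: MSSQL port 1433 is published on all interfaces in $composefile"
        return 1
    fi
    echo "OK: no public mapping of port 1433 found in $composefile"
    return 0
}

# Constructed sample files (assumptions, not the project's real config) so the
# example runs offline. Both deliberately violate the recommendations.
demo_dir=$(mktemp -d)
printf 'Jwt__Secret=%s\n' "$DEFAULT_SECRET_PLACEHOLDER" > "$demo_dir/.env"
cat > "$demo_dir/docker-compose.yml" <<'EOF'
services:
  mssql:
    image: PLACEHOLDER_MSSQL_IMAGE
    ports:
      - "1433:1433"
EOF
check_jwt_secret "$demo_dir/.env" || true
check_mssql_not_public "$demo_dir/docker-compose.yml" || true
rm -rf "$demo_dir"
```

Run it from the directory holding your `.env` and `docker-compose.yml`, or point the two functions at those files from a CI step; a non-zero return from either check is the signal to stop the deployment. The port check is intentionally narrow: it flags only mappings that bind to every interface, and leaves a `127.0.0.1:` binding alone because that is what a TLS-terminating reverse proxy on the same host needs.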