Skip to content

Security: Centre-for-Information-Technology-India/Kranti

SECURITY.md

Security Policy

Kranti handles sensitive civic reports and should be treated carefully.

Reporting a vulnerability

If you find a security issue, do not open a public issue. Contact the maintainers privately through the appropriate security channel for the repository or organization.

Include:

  • A short summary of the issue
  • The affected page, route, or workflow
  • Steps to reproduce
  • Any proof of concept or impact details

What to avoid in reports

  • Personal data that is not necessary to understand the issue
  • Public disclosure before a fix is ready
  • Sensitive credentials, tokens, or secrets in chat or screenshots

Scope

Security concerns include authentication, authorization, data exposure, file uploads, moderation, and any handling of sensitive user-submitted content.

There aren't any published security advisories