We actively support and provide security updates for the following versions:

We take the security of TeachSpark seriously. If you believe you have found a security vulnerability, please report it to us as described below.

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please report them via GitHub's private vulnerability reporting feature:

1. Go to the Security tab of this repository
2. Click "Report a vulnerability"
3. Fill out the form with as much detail as possible

Alternatively, you can email security concerns to: Create a GitHub issue and mark it as security-related.

Please include the following information in your report:

• Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
• Full paths of source file(s) related to the manifestation of the issue
• The location of the affected source code (tag/branch/commit or direct URL)
• Any special configuration required to reproduce the issue
• Step-by-step instructions to reproduce the issue
• Proof-of-concept or exploit code (if possible)
• Impact of the issue, including how an attacker might exploit the issue

• Initial Response: Within 48 hours
• Status Update: Within 1 week
• Resolution Timeline: Varies based on complexity and severity

We appreciate security researchers and will acknowledge your contribution in:

• Security advisories (if you wish to be credited)
• Project documentation
• Special thanks in release notes

When contributing to TeachSpark, please follow these security best practices:

• Validate all user inputs
• Use parameterized queries to prevent SQL injection
• Implement proper authentication and authorization
• Follow OWASP security guidelines
• Use HTTPS for all communications
• Implement proper error handling without exposing sensitive information

• Keep all dependencies up to date
• Regularly audit dependencies for known vulnerabilities
• Use tools like npm audit for Node.js dependencies
• Monitor security advisories for .NET packages

• Encrypt sensitive data at rest and in transit
• Implement proper access controls
• Follow data minimization principles
• Ensure compliance with applicable privacy regulations

• OWASP Top 10
• Microsoft Security Development Lifecycle
• Node.js Security Best Practices
• ASP.NET Core Security Documentation

Security updates will be released as needed and will be clearly marked in:

• Release notes
• Security advisories
• GitHub releases with security tags

Users are strongly encouraged to update to the latest version as soon as security updates are available.

Thank you for helping keep TeachSpark and our users safe! 🛡️