Security: EvolutionAPI/evolution-manager-v2

Security Policy

Supported Versions

We actively support the following versions of Evolution Manager with security updates:

Version    Supported
2.x.x      ✅ Yes
1.x.x      ⚠️ Critical fixes only
< 1.0      ❌ No

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security vulnerability in Evolution Manager, please help us by reporting it responsibly.

🔒 Private Disclosure Process

Please DO NOT create a public GitHub issue for security vulnerabilities.

Instead, please report security vulnerabilities by emailing us directly at:

📧 [email protected]

📋 What to Include

When reporting a vulnerability, please include:

  1. Description: A clear description of the vulnerability
  2. Steps to Reproduce: Detailed steps to reproduce the issue
  3. Impact: What an attacker could achieve by exploiting this vulnerability
  4. Affected Versions: Which versions of Evolution Manager are affected
  5. Proof of Concept: If possible, include a proof of concept (but please be responsible)
  6. Suggested Fix: If you have ideas for how to fix the issue

⏱️ Response Timeline

We are committed to responding to security vulnerability reports in a timely manner:

  • Initial Response: Within 48 hours of receiving your report
  • Status Updates: Every 7 days until the issue is resolved
  • Resolution: We aim to resolve critical vulnerabilities within 30 days

🏆 Recognition

We believe in recognizing security researchers who help make Evolution Manager safer:

  • Hall of Fame: We maintain a security researchers hall of fame
  • CVE Assignment: For significant vulnerabilities, we'll work with you on CVE assignment
  • Public Recognition: With your permission, we'll publicly acknowledge your contribution

🛡️ Security Best Practices

When using Evolution Manager, we recommend:

  1. Keep Updated: Always use the latest supported version
  2. Secure Configuration: Follow our security configuration guidelines
  3. Network Security: Use HTTPS and proper network security measures
  4. Access Control: Implement proper authentication and authorization
  5. Regular Audits: Conduct regular security audits of your deployment

📚 Security Resources

  • Security Documentation: [Link to security docs when available]
  • Security Checklist: [Link to security checklist when available]
  • Best Practices Guide: [Link to best practices when available]

🤝 Coordinated Disclosure

We follow responsible disclosure practices:

  1. Private Report: You report the vulnerability privately
  2. Investigation: We investigate and develop a fix
  3. Coordination: We coordinate with you on disclosure timing
  4. Public Disclosure: We publicly disclose the vulnerability after a fix is available

⚖️ Legal

This security policy is designed to be compatible with responsible security research. We will not pursue legal action against researchers who:

  • Follow this responsible disclosure process
  • Do not access or modify user data beyond what's necessary to demonstrate the vulnerability
  • Do not perform testing on production systems without permission
  • Do not engage in activities that could harm our users or services

Thank you for helping keep Evolution Manager and our community safe! 🙏


Evolution Manager Security Team
📧 [email protected]
🌐 https://github.com/EvolutionAPI/evolution-manager-v2

There aren’t any published security advisories