Security: Maatify/common

πŸ›‘οΈ Security Policy

This document describes the security procedures and policies for maatify/common. We take the security of our ecosystem seriously, and we appreciate any responsible disclosure that helps keep our libraries, users, and integrations safe.


📬 Reporting a Vulnerability

If you discover a security vulnerability, please DO NOT open a public issue.

Instead, contact us directly via the secure channels:

When reporting a vulnerability, please include:

  1. A clear description of the issue
  2. Steps to reproduce
  3. Affected versions or components
  4. Potential impact
  5. Possible mitigation ideas (if any)

We aim to acknowledge all reports within 48 hours.


🔒 Supported Versions

Only the latest major/minor versions receive security updates.

| Version | Status |
|---|---|
| 1.x | 🟢 Active security support |
| 0.x (legacy) | 🔴 No longer supported |

If you depend on an unsupported version, please upgrade as soon as possible.


🚨 Severity Levels

We classify security issues using four levels:

| Level | Description |
|---|---|
| Critical | Allows remote code execution, credential leaks, or severe data exposure |
| High | Authentication bypass, privilege escalation, or data corruption |
| Medium | Information disclosure, insufficient validation, partial denial-of-service |
| Low | Minor bugs with limited or no practical impact |

πŸ› οΈ Handling Process

Once a vulnerability is reported:

  1. Initial review β€” We investigate and confirm the issue.
  2. Internal tracking β€” The issue is logged privately.
  3. Patch development β€” A secure fix is prepared and tested.
  4. Coordinated release β€” A patched version is published.
  5. Disclosure β€” A security advisory (GHSA) is published on GitHub, if applicable.

We do not reveal reporter identity unless explicitly permitted.


πŸ” Security Best Practices for Users

To keep your integration secure:

  • Always use the latest stable version of the library.
  • Never expose .env files or configuration data.
  • Use secure DSNs with strong passwords.
  • Follow PSR-12 and Maatify best practices for token handling.
  • Validate and sanitize all user input before passing to your app.
  • Review your CI/CD configuration for secret leaks.

🤝 Responsible Disclosure

We fully support and encourage responsible vulnerability disclosure. If you follow the guidelines above, you will always receive fair, respectful, and prompt communication from the maintainers.


πŸ›οΈ Legal

  • Do not perform tests that violate applicable laws.
  • Do not perform actions that could disrupt production services.
  • Do not access data that does not belong to you.


🧩 maatify/common — Core Utilities, DTOs & Standards for the Maatify Ecosystem
© 2025 Maatify.dev • Maintained by Mohamed Abdulalim (@megyptm)


© 2025 Maatify.dev
Engineered by Mohamed Abdulalim (@megyptm) — https://www.maatify.dev

📘 Full documentation & source code:
https://github.com/Maatify/common


Built with ❤️ by Maatify.dev — Unified Ecosystem for Modern PHP Libraries

There aren't any published security advisories