| Version | Supported |
|---|---|
| 0.3.x | ✅ |
| 0.2.x | ✅ |
| < 0.2 | ❌ |

We take security seriously. If you discover a security vulnerability, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities. Report it privately instead:

- Email security@getmockd.com with details of the vulnerability
- Include steps to reproduce, if possible
- Include the version of mockd affected

What to expect after you report:

- Acknowledgment: Within 48 hours of your report
- Initial Assessment: Within 7 days
- Resolution Timeline: Depends on severity, typically 30-90 days
- Disclosure: Coordinated with reporter after fix is available

The following are in scope:

- mockd core server (this repository)
- Official Docker images
- Official Helm charts

Out of scope:

- Third-party integrations
- Self-hosted instances with custom modifications

When running mockd in production:

- Do not expose the Admin API publicly: use firewall rules or bind to localhost
- Use TLS: enable HTTPS for all external traffic
- Enable mTLS: for high-security environments
- Review audit logs: monitor for suspicious activity
- Keep updated: apply security patches promptly