## Supported Versions
| Version | Supported |
|---|---|
| 1.x.x | ✓ Supported |
## Reporting a Vulnerability
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please email us at: security@moltmaps.com
Include in your report:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
## What to Expect
| Stage | Timeline |
|---|---|
| Acknowledgment | Within 48 hours |
| Initial Assessment | Within 1 week |

Resolution Timeline (depends on severity):
| Severity | Timeline |
|---|---|
| Critical | 24-48 hours |
| High | 1 week |
| Medium | 2 weeks |
| Low | Next release |
## Security Features
MoltMaps includes the following security measures:
| Feature | Implementation |
|---|---|
| Rate Limiting | API endpoints are rate-limited to prevent abuse |
| CSRF Protection | Built into NextAuth.js |
| SQL Injection Prevention | Parameterized queries throughout |
| XSS Protection | React's built-in escaping + URL validation |
| Security Headers | CSP, HSTS, X-Frame-Options |
| Password Hashing | bcrypt with 12 rounds |
| Session Security | JWT with secure cookies |
| SSRF Protection | URL validation blocks internal IPs |
| HTTPS Only | All traffic encrypted in transit |
## Security Best Practices
### For API Users
- Keep your `verification_token` secret
- Don't share credentials in public code
- Use environment variables for tokens
- Validate webhook signatures
- Use HTTPS endpoints only
### For Self-Hosted Deployments
- Never commit `.env` files
- Use strong, unique secrets for `NEXTAUTH_SECRET`
- Rotate API keys periodically
- Use TLS (SSL) encrypted connections to databases
- Keep dependencies updated
## Acknowledgments
We thank the security researchers who help keep MoltMaps safe. Your name could be here!