We take security seriously in TurboAPI. The following versions are currently supported with security updates:
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
If you discover a security vulnerability in TurboAPI, please report it responsibly:
- Do NOT create a public GitHub issue for security vulnerabilities
- Send an email to: security@turboapi.dev (or the project maintainer)
- Include the following information:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any suggested fixes (if available)
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Assessment: We will assess the vulnerability and determine its severity within 5 business days
- Updates: We will provide regular updates on our progress
- Resolution: We aim to resolve critical vulnerabilities within 30 days
- Credit: We will credit you in our security advisory (unless you prefer to remain anonymous)
When using TurboAPI, please follow these security best practices:
- Keep Dependencies Updated: Regularly update TurboAPI and its dependencies
- Secure Configuration: Review and secure your
pyproject.tomlconfiguration - Input Validation: Always validate user inputs in your controllers
- Database Security: Use parameterized queries and proper authentication
- Cache Security: Be mindful of sensitive data in cache systems
- Environment Variables: Store sensitive configuration in environment variables
TurboAPI includes several security features:
- Dependency Injection: Helps prevent injection attacks through proper abstraction
- Type Safety: Strong typing reduces runtime vulnerabilities
- Configuration Management: Centralized and validated configuration
- Cache Isolation: Separate sync/async cache architectures prevent cross-contamination
Security advisories will be published in the project's GitHub Security tab and in release notes.
For security-related questions or concerns, contact:
- Email: security@turboapi.dev
- Project Maintainer: [GitHub Profile]
Thank you for helping keep TurboAPI secure!