We take security seriously. If you discover a security vulnerability in Laravel Persian Validation, please report it responsibly.
DO NOT open a public GitHub issue for security vulnerabilities.
Instead, please send an email to:
- Email: [email protected]
- Subject: [SECURITY] Laravel Persian Validation - [Brief Description]
Please include the following information in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Suggested fix (if you have one)
- Your contact information for follow-up
Response timeline:
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 1 week
- Status Update: Every week until resolved
- Resolution: Depends on severity and complexity
Security researchers who responsibly report vulnerabilities will be:
- Credited in the security advisory (unless they prefer to remain anonymous)
- Mentioned in our Hall of Fame (if applicable)
- Thanked publicly after the issue is resolved
- Keep Updated: Always use the latest version of the package
- Review Dependencies: Regularly audit your composer dependencies
- Input Validation: Use this package for validation, but also implement proper input sanitization
- Error Handling: Don't expose sensitive validation logic in error messages
- Secure Coding: Follow OWASP secure coding guidelines
- Input Validation: Validate all inputs thoroughly
- Dependencies: Keep dependencies updated and secure
- Testing: Include security test cases
We're particularly interested in reports about:
- Input Validation Bypass: Ways to bypass validation rules
- Regular Expression DoS: ReDoS vulnerabilities in regex patterns
- Information Disclosure: Leaking sensitive information through error messages
- Dependency Vulnerabilities: Issues in third-party dependencies
Version | Supported |
---|---|
3.3.x | Yes |
3.2.x | Yes |
3.1.x | |
< 3.1 | No |
Security updates will be released as patch versions (e.g., 3.3.1) and will be:
- Documented in CHANGELOG.md
- Announced in GitHub releases
- Published to Packagist immediately
If you're a security company or researcher interested in a more formal security partnership, please contact us at [email protected].
Thank you for helping keep Laravel Persian Validation secure!