We are committed to maintaining the security of DumbBudget.

If you discover a security vulnerability in DumbBudget, please help us address it by following these steps:

1. Do not open a public issue for security vulnerabilities.

   • Instead, email us directly at [email protected].

2. Include the following details in your report:

   • A description of the vulnerability.
   • Steps to reproduce the issue (if applicable).
   • The potential impact of the vulnerability.
   • Any suggested fixes or patches (if available).

3. We will acknowledge your report within 48 hours and provide updates as we work to resolve the issue.

4. Once the issue is resolved, we will publicly disclose the details in a responsible manner, including crediting you (if you wish).

To ensure the security of your DumbBudget installation, we recommend the following best practices:

• Always use the latest version of the software.
• Regularly review and update dependencies.
• Protect sensitive environment variables and secrets (e.g., API keys).
• Use HTTPS to secure communication between services.

For any questions related to security, please reach out to us at [email protected].