Security: sorydima/Katya-

.github/SECURITY.md

Security Policy

Supported Versions

We actively support the following versions with security updates:

Version Supported
2.0.x
1.5.x
< 1.5

Reporting a Vulnerability

We take the security of Katya seriously. If you believe you have found a security vulnerability, please report it to us as described below.

When Should I Report?

Please report security vulnerabilities if you discover:

  • Cross-Site Scripting (XSS) vulnerabilities
  • SQL Injection vulnerabilities
  • Remote Code Execution (RCE) vulnerabilities
  • Authentication bypass vulnerabilities
  • Privilege escalation vulnerabilities
  • Data exposure vulnerabilities
  • Any other security issues that could compromise user data or system integrity

How to Report

Please DO NOT report security vulnerabilities through public GitHub issues.

Instead, please report security vulnerabilities by emailing:

You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message.

What to Include

Please include the following information in your report:

  1. Description: A clear description of the vulnerability
  2. Steps to Reproduce: Detailed steps to reproduce the issue
  3. Impact: Potential impact of the vulnerability
  4. Affected Versions: Which versions are affected
  5. Environment: Your environment details (OS, browser, etc.)
  6. Proof of Concept: If possible, include a proof of concept
  7. Contact Information: How we can reach you for follow-up questions

Our Process

  1. Acknowledgment: We will acknowledge receipt of your report within 24 hours
  2. Investigation: We will investigate the issue and determine its severity
  3. Updates: We will provide regular updates on our progress (at least weekly)
  4. Fix Development: If confirmed, we will develop and test a fix
  5. Disclosure: We will coordinate disclosure with you
  6. Resolution: We will release the fix and publish a security advisory

Security Updates

Once a security vulnerability has been confirmed and fixed, we will:

  1. Release a Security Advisory on GitHub
  2. Update the Changelog with details about the fix
  3. Notify Users through our communication channels
  4. Update Dependencies if the issue was in a third-party library

Bug Bounty Program

We currently do not have a formal bug bounty program, but we greatly appreciate security researchers who help keep Katya safe. We may provide rewards or recognition for significant security contributions at our discretion.

Safe Harbor

We consider security research conducted in accordance with this policy to be authorized research. We will not pursue legal action against researchers who follow this policy, even if their research identifies vulnerabilities in our systems.

Contact

For any questions about this security policy, please contact:

Thank you for helping keep Katya and our users secure!