Skip to content

Security: AbacatePay/documentation

Security

SECURITY.md

Security Policy

At AbacatePay, we take security seriously and are committed to protecting our users, partners, and the open-source community that relies on our libraries, SDKs, and tools.

This document describes how to responsibly report security vulnerabilities found in any AbacatePay open-source project.

Reporting a Vulnerability

If you discover a security vulnerability, do not open a public GitHub Issue.

Instead, report it through one of the following channels:

When reporting a vulnerability, please include as much detail as possible:

  • A clear and concise description of the issue
  • Steps to reproduce (if applicable)
  • Potential impact and affected components
  • Any known mitigations or suggested fixes

Response Process

Once a vulnerability is reported:

  • We will acknowledge receipt within 48 business hours
  • The report will be reviewed and triaged by the maintainers
  • A fix will be developed based on severity and impact
  • We will coordinate a responsible disclosure after a fix is available

Timelines may vary depending on complexity and severity, but we aim to act as quickly and transparently as possible.

Responsible Disclosure

We kindly ask that you do not publicly disclose any vulnerability until we have had the opportunity to investigate and address it.

We strongly support and appreciate responsible disclosure practices and collaboration with security researchers.

Credentials and Secrets

Accidental exposure of API keys, tokens, secrets, or other sensitive credentials is considered critical severity.

If you believe credentials have been leaked:

  • Report the issue immediately using the channels above
  • Avoid sharing the exposed data publicly
  • Revoke or rotate the affected credentials as soon as possible

Scope

This security policy applies to all repositories and packages maintained under the AbacatePay GitHub organization, including all open-source libraries, SDKs, and tools.

Acknowledgements

We appreciate the efforts of security researchers and contributors who help keep the AbacatePay ecosystem secure.

Thank you for helping us improve the safety and reliability of our software. 🥑

There aren’t any published security advisories