The Tegal Dev CMS team is dedicated to ensuring the security of our application and the privacy of our users. This document outlines our security practices and provides guidance on how to report security vulnerabilities to us.

We regularly update the Tegal Dev CMS to address security vulnerabilities. The following versions of Tegal Dev CMS are currently supported with security updates:

• Version 1.2.x
• Version 1.1.x
• Version 1.0.x

If you discover a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner. To report a vulnerability, please follow these steps:

1. Do not publicly disclose the vulnerability: Avoid discussing vulnerabilities in public forums, GitHub issues, or other public channels.

2. Contact us directly: Send an email to our security team at contact@tegal.dev. Include the following information:

   • A description of the vulnerability.
   • Steps to reproduce the issue.
   • Potential impact of the vulnerability.
   • Any available fixes or mitigations.

3. Confirmation and follow-up: You will receive a confirmation email from our security team acknowledging receipt of your report. We will investigate the issue and keep you updated on our progress.

4. Credit: If you provide your name and contact information, we will acknowledge your contribution in our release notes unless you prefer to remain anonymous.

1. Assessment: Upon receiving a vulnerability report, our security team will assess the severity and impact of the issue.

2. Resolution: We will prioritize and work on a fix for the vulnerability. Our development team will create and test patches.

3. Release: We will release the security patch in a timely manner. Release notes will include information about the vulnerability, credits to the reporter (if applicable), and instructions for updating to the patched version.

4. Notification: We will notify users of the new release through our usual communication channels, including our GitHub repository, mailing list, and social media accounts.

To help protect your instance of Tegal Dev CMS, we recommend the following best practices:

• Keep your software up to date: Regularly update to the latest version of Tegal Dev CMS to benefit from security fixes and improvements.
• Use strong, unique passwords: Ensure that all user accounts have strong and unique passwords.
• Enable two-factor authentication (2FA): If available, enable 2FA for all accounts.
• Review and apply security settings: Regularly review and configure security settings according to your needs.

If you have any questions or need further assistance, please contact our security team at contact@tegal.dev.

Thank you for helping us maintain the security of Tegal Dev CMS.

This Security Policy is subject to change without notice. Please review it periodically for updates.

Last updated: June 25, 2024