We support security updates for the current main branch and active releases of Agri-Vision.

| Version | Supported |
|---|---|
| Main | ✅ |
| >= 1.0 | ✅ |
| < 1.0 | ❌ |

If you discover a security vulnerability within this project, please do not disclose it publicly. Instead, report it through one of the following methods:
- GitHub Security Advisories: Submit a draft advisory via the Security tab of the repository.
- Contact Maintainers: Reach out directly to the repository maintainers or file a private issue if supported.
We will acknowledge your report within 48 hours and work with you to resolve the vulnerability in a timely manner.
Password logins are protected by persistent account lockout metadata on the user record. Failed password attempts increment a counter, record the failed timestamp/IP, and temporarily lock the account when the configured threshold is reached. Successful login resets the counter, clears lockout state, and records successful login metadata.
Default policy:
```
ACCOUNT_LOCKOUT_ENABLED=true
MAX_FAILED_LOGIN_ATTEMPTS=5
LOCKOUT_DURATION_MINUTES=15
ENABLE_SECURITY_AUDIT=true
```
Expired lockouts are cleared on the next login attempt, so no cron job is required. Security events are emitted through the existing audit logger using actions such as AUTH_FAILED, ACCOUNT_LOCKED, ACCOUNT_UNLOCKED, and AUTH_SUCCESS.
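
The lockout flow described above, as an added Python example that is not Agri-Vision's own code. The record field names, `attempt_login`, and `demo` are hypothetical, and two behaviours are assumptions: an expired lockout also resets the failure counter, and an attempt made while locked is refused before the password is checked and logged as `AUTH_FAILED`.

```python
from datetime import datetime, timedelta

# Defaults from the policy above; all field and function names are hypothetical.
MAX_FAILED_LOGIN_ATTEMPTS = 5
LOCKOUT_DURATION = timedelta(minutes=15)

def new_user():
    """Lockout metadata kept on the user record (illustrative field names)."""
    return {"failed_attempts": 0, "locked_until": None,
            "last_failed_at": None, "last_failed_ip": None,
            "last_login_at": None, "last_login_ip": None}

def attempt_login(user, password_ok, ip, now):
    """Apply one password attempt; return (allowed, audit_actions)."""
    events = []
    # Lazy expiry: an elapsed lockout is cleared here, so no cron job is needed.
    if user["locked_until"] is not None and now >= user["locked_until"]:
        user["locked_until"] = None
        user["failed_attempts"] = 0  # assumption: counter restarts after expiry
        events.append("ACCOUNT_UNLOCKED")
    # Still locked: refuse before looking at the password (assumption), so the
    # response does not reveal whether the guess was correct.
    if user["locked_until"] is not None:
        events.append("AUTH_FAILED")
        return False, events
    if password_ok:
        user["failed_attempts"] = 0
        user["locked_until"] = None
        user["last_login_at"], user["last_login_ip"] = now, ip
        events.append("AUTH_SUCCESS")
        return True, events
    user["failed_attempts"] += 1
    user["last_failed_at"], user["last_failed_ip"] = now, ip
    events.append("AUTH_FAILED")
    if user["failed_attempts"] >= MAX_FAILED_LOGIN_ATTEMPTS:
        user["locked_until"] = now + LOCKOUT_DURATION
        events.append("ACCOUNT_LOCKED")
    return False, events

def demo():
    """Constructed scenario: 5 bad passwords, a good one while locked, one after expiry."""
    user, t0, ip = new_user(), datetime(2024, 1, 1, 12, 0), "203.0.113.7"
    log = [attempt_login(user, False, ip, t0 + timedelta(seconds=i)) for i in range(5)]
    log.append(attempt_login(user, True, ip, t0 + timedelta(minutes=1)))
    log.append(attempt_login(user, True, ip, t0 + timedelta(minutes=16)))
    return user, log
```

Passing `now` in explicitly keeps the expiry check testable without waiting out the lockout window.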