We release patches for security vulnerabilities as needed.
Please ensure you are always using the latest stable version of this scaffold.
| Version | Supported |
|---|---|
| Latest (main) | ✅ |
| Older tags | ❌ |
We take the security of this project seriously.
If you discover a security vulnerability, please do not open a public issue.
Instead, report it directly by emailing:
📧 [email protected]
We will acknowledge your report within 48 hours, and you can expect a more detailed response within 5 business days, including a timeline for a fix.
- We ask that you keep vulnerabilities and security issues private until they are fixed.
- Coordinated disclosure ensures users have time to update and are not exposed to active exploits.
- Once resolved, we will publish a Security Advisory on GitHub to document the fix.
To keep the scaffold secure, please follow these guidelines when contributing:
- Never commit private keys, secrets, or API tokens.
- Validate and sanitize all user inputs in Move/TypeScript code.
- Write tests for new functionality, especially for smart contract changes.
- Follow the Code of Conduct.
Your efforts to responsibly disclose vulnerabilities help keep the Aptos ecosystem safe for everyone.