Skip to content

Security: Derssa/Torollo

Security

SECURITY.md

Security Policy

Supported Versions

Only the latest main branch and the most recent release receive security updates.

Version Supported
1.0.x
< 1.0

Network Exposure Defaults

The backend binds to loopback (127.0.0.1) by default and restricts cross-origin requests to local origins. Torollo has no authentication; see the "Self-Hosting & Network Exposure" section of the README before exposing it to a network.

Reporting a Vulnerability

Please do not open a public issue for security vulnerabilities. Instead, report them privately by emailing youssefmoinou@gmail.com.

We take all security vulnerabilities seriously and will aim to acknowledge your report within 48 hours. We will then work on providing a patch or an update as quickly as possible.

There aren't any published security advisories