We release patches for security vulnerabilities for the following versions:

| Version | Supported |
|---|---|
| 0.0.x | ✅ |

We take the security of this plugin seriously. If you discover a security vulnerability, please help us by reporting it responsibly.
Please do NOT open a public issue.
Instead, please report security vulnerabilities by:
- Email: Send details to [email protected]
- GitHub Security Advisory: Use the private vulnerability reporting feature
Please include the following information in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested fixes or mitigations
- Your contact information (optional but helpful)

After you submit a report, you can expect:
- Initial Response: Within 48 hours of receipt
- Status Update: Within 7 days with our assessment
- Fix Timeline: We aim to release a patch within 30 days for confirmed vulnerabilities

Regarding disclosure:
- Please give us reasonable time to address the vulnerability before any public disclosure
- We will credit you in the security advisory unless you prefer to remain anonymous
- We will coordinate with you on the disclosure timeline

When using this plugin:
- Development Only: This plugin is designed for development environments only and should not run in production
- Keep Updated: Regularly update to the latest version to receive security patches
- Dependency Updates: Keep your Strapi installation and dependencies up to date
- Access Control: Use Strapi's built-in RBAC to control who can access the Gen Types admin interface
- File System Access: This plugin writes files to your file system. Ensure proper permissions on the output directory.
- Production Safety: The plugin is disabled in production mode by default. Do not override this behavior.
- Type Generation: Generated types are based on your schema definitions. Ensure your schema doesn't expose sensitive information.
Thank you for helping keep this project and its users safe!