We release patches for security vulnerabilities for the following versions:
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
We take the security of FlowScope seriously. If you discover a security vulnerability, please follow these steps:
Please do not create a public GitHub issue for security vulnerabilities.
Send details of the vulnerability to: security@pondpilot.com
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (if available)

After you report:
- We will acknowledge receipt within 48 hours
- We will provide an initial assessment within 5 business days
- We will work with you to understand and address the issue
- We will release a fix as soon as possible
We will coordinate with you on the timing of public disclosure after a fix is available.
When using FlowScope:
- Input Validation: Treat SQL text as untrusted input. Check its type and bound its size before passing it to FlowScope, and do not treat FlowScope's analysis output as proof that a query is safe to execute.
- Dependency Updates: Keep FlowScope and its dependencies up to date
- Error Handling: Handle errors gracefully. Parser errors may quote the query text, including any literals in it, so log the detail and show users a generic message rather than the raw error.
- WASM Security: FlowScope's WASM module runs inside the browser sandbox and is subject to the same-origin policy. The sandbox isolates the module from the host page and system; it does not validate the SQL you pass in.
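The input-validation and error-handling points above, as an added example (this is not FlowScope's own code or API): `guardSql` type-checks the SQL text, bounds its size in bytes, and rejects control characters; `safeAnalyze` wraps whatever analyzer entry point you call (passed in as `analyze`, an assumption) so that a failure is logged in full but the caller only receives a generic message. The byte limit is an assumed default; tune it for your deployment.

```javascript
// Added example: gate SQL text before handing it to an analyzer, and keep
// analyzer failures from leaking query text to the user. `analyze` stands
// in for the FlowScope entry point you call; it is not FlowScope's API.

const DEFAULT_MAX_BYTES = 256 * 1024; // assumption: adjust to your deployment

// Returns { ok: true, sql } or { ok: false, reason }; never throws.
function guardSql(input, { maxBytes = DEFAULT_MAX_BYTES } = {}) {
  if (typeof input !== "string") {
    return { ok: false, reason: "sql must be a string" };
  }
  const sql = input.trim();
  if (sql.length === 0) {
    return { ok: false, reason: "sql is empty" };
  }
  // Measure bytes rather than UTF-16 code units: a WASM module sees bytes.
  const bytes = new TextEncoder().encode(sql).length;
  if (bytes > maxBytes) {
    return { ok: false, reason: `sql exceeds ${maxBytes} bytes` };
  }
  // Control characters other than whitespace never occur in valid SQL and
  // are a cheap sign of binary or corrupted input.
  if (/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/.test(sql)) {
    return { ok: false, reason: "sql contains control characters" };
  }
  return { ok: true, sql };
}

// Runs `analyze` on validated SQL. Full error detail (which may quote the
// query, including any literals in it) goes to `log`; the caller gets a
// generic message and nothing from the query text.
function safeAnalyze(analyze, input, { log = () => {}, ...opts } = {}) {
  const gate = guardSql(input, opts);
  if (!gate.ok) {
    return { ok: false, error: gate.reason };
  }
  try {
    return { ok: true, result: analyze(gate.sql) };
  } catch (err) {
    log("analysis failed", err); // keep detail in devtools / server logs only
    return { ok: false, error: "analysis failed" };
  }
}

// Usage with a constructed analyzer that fails the way a parser might:
const demo = safeAnalyze(
  () => { throw new Error("parse error near 'secret_token'"); },
  "SELECT 'secret_token'",
  { log: (...args) => console.error(...args) }
);
// demo.error is "analysis failed"; the literal never reaches the user.
```

Passing the analyzer in as a function keeps the guard independent of the library version and lets you exercise the failure path in tests without a WASM runtime.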
FlowScope is designed for SQL analysis and visualization. It is not intended for:
- Executing SQL against production databases
- Handling sensitive credentials or connection strings
- Production ETL or data processing
Security updates will be released as patch versions and announced via:
- GitHub Security Advisories
- Release notes
- Project README
Thank you for helping keep FlowScope secure!