We take security seriously and actively maintain security updates for the following versions:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
If you discover a security vulnerability in Gaza Aid & Trust, please help us by reporting it responsibly.
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities by emailing:
- Email: security@gaza-aid-trust.org
- Subject: [SECURITY] Vulnerability Report
When reporting a vulnerability, please include:
- Description: A clear description of the vulnerability
- Steps to Reproduce: Detailed steps to reproduce the issue
- Impact: Potential impact and severity of the vulnerability
- Environment: Browser, OS, and any other relevant environment details
- Proof of Concept: If possible, include a proof of concept or exploit code
- Contact Information: How we can reach you for follow-up questions
After you submit a report, you can expect the following from us:
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Investigation: We will investigate the report and determine its validity
- Updates: We will provide regular updates on our progress (at least weekly)
- Resolution: Once resolved, we will notify you and coordinate disclosure timing
- Credit: With your permission, we will acknowledge your contribution in our security advisory
Our disclosure policy:
- We follow responsible disclosure practices
- We will work with you to determine an appropriate disclosure timeline
- We aim to resolve critical vulnerabilities within 90 days
- We will publish security advisories for confirmed vulnerabilities
We consider security research conducted in accordance with this policy to be authorized research. We will not pursue legal action against researchers who follow this policy.
This policy applies to:
- The Gaza Aid & Trust web application
- All official repositories under the Gaza Aid & Trust organization
- Associated APIs and services
This policy does not apply to:
- Third-party services and dependencies (please report to the respective maintainers)
- Social engineering attacks
- Physical security issues
- DDoS attacks
- Spam or abuse of services
Security best practices for users:
- Keep your browser and operating system updated
- Use strong, unique passwords
- Enable two-factor authentication where available
- Be cautious with sharing personal information
- Report suspicious activity
Security best practices for developers:
- Follow secure coding practices
- Validate all inputs
- Use parameterized queries for database operations
- Implement proper authentication and authorization
- Keep dependencies updated
- Use environment variables for sensitive configuration
For security-related questions or concerns:
- Email: security@gaza-aid-trust.org
- PGP Key: Available upon request
Thank you for helping keep Gaza Aid & Trust secure! 🛡️