| Version | Supported |
|---|---|
| 0.x.x | ✅ (development) |

If you discover a security vulnerability in FormBD, please report it responsibly:

- Do NOT open a public GitHub issue
- Email security concerns to the maintainers
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)

FormBD is designed with security as a core principle:

- All mutations are journaled before commitment
- Full provenance tracking for all data
- Deterministic rendering for human verification
- Every operation has a defined inverse
- Irreversible operations are explicitly marked
- Complete history is preserved
- Constraints are enforced at the bridge layer
- Rejections include explanations
- No silent failures
- Dependencies are pinned to specific versions/SHAs
- All workflows use SHA-pinned GitHub Actions
- SPDX license headers on all source files