Security: abdelhak-zaaim/spring-boot-parcel-delivery-system

SECURITY.md

Security Policy

Supported Versions

The project is currently under development and no versions have been released yet. Once the first version is released, only the latest version will be supported with security updates.

Reporting a Vulnerability

If you discover a vulnerability, please follow these steps:

  1. Open a new issue on our GitHub repository detailing the vulnerability. Please do not include any sensitive information in the issue.
  2. You can also send an email to us at abdelhakzammii@gmail.com with as much detail as you can provide about the vulnerability.

Security Practices

  • All passwords are hashed and salted.
  • We use Spring Security for authentication and authorization.
  • We limit login attempts to prevent brute force attacks.
  • We use HTTPS for secure communication.
  • We regularly update our dependencies to the latest versions to mitigate known vulnerabilities.
  • We follow the principle of least privilege: a user is granted only the privileges necessary to perform their job functions.
  • We sanitize all user inputs to prevent SQL injection and XSS attacks.
  • We use JWT for stateless authentication.
  • We use Firebase for secure cloud messaging.
  • We use AWS Secrets Manager for managing secrets.
  • We use MySQL as our database and ensure that it is securely configured.
  • We use Hibernate Validator for bean validation.
  • We use Thymeleaf as the server-side Java template engine for web applications.
  • We use Spring Boot DevTools for automatic restart and live reload during development.
  • We use Spring Rest Docs for documentation of RESTful services.
  • We use Spring Boot Starter Mail for email services.
  • We use Spring Session Core for API session management.
  • We use Spring Context Support for scheduling and email support.
  • We use Spring Boot Starter WebFlux for reactive programming.
  • We use JSON for data interchange.
  • We use Thymeleaf Layout Dialect for layout functionality in Thymeleaf templates.
  • We use Spring Boot Starter Cache for caching abstraction.
  • We use AWS SDK for Java for AWS integration.
  • We use JJWT for JSON Web Token creation and verification.
  • We use Firebase Admin SDK for integrating Firebase services.
  • We use UserAgentUtils for parsing user agent strings.
  • We use Spring Cloud AWS Secrets Manager Starter for AWS Secrets Manager integration.