We actively support the following versions of Site Manager:

We take security seriously. If you discover a security vulnerability, please follow these steps:

Security vulnerabilities should not be reported publicly to avoid potential exploitation.

• Email: Send details to the repository owner via GitHub
• GitHub Security: Use GitHub's private vulnerability reporting feature
• Include: Detailed description, steps to reproduce, potential impact

• Description of the vulnerability
• Steps to reproduce the issue
• Potential impact and exploitation scenarios
• Suggested fix (if you have one)
• Your contact information

• Acknowledgment: Within 48 hours
• Initial assessment: Within 1 week
• Fix timeline: Varies based on severity and complexity
• Disclosure: After fix is released (coordinated disclosure)

When using Site Manager:

• Keep your system updated: sudo apt update && sudo apt upgrade
• Use strong passwords for database users
• Configure UFW firewall properly
• Regular security audits of your server

• Use Let's Encrypt for production domains
• Keep certificates updated
• Monitor certificate expiration
• Use strong cipher suites (Site Manager configures these automatically)

• Follow Site Manager's permission recommendations
• Avoid running with unnecessary root privileges
• Regular permission audits for web directories

• Use strong database passwords
• Limit database user privileges
• Regular database backups
• Consider encryption for sensitive data

Site Manager requires sudo/root privileges for:

• Installing system packages
• Configuring web server
• Managing SSL certificates
• Setting file permissions

Mitigation: Only run Site Manager on systems you control and trust.

Site Manager creates and modifies files in:

• /etc/nginx/ - Web server configuration
• /var/www/ - Web content
• /etc/ssl/ - SSL certificates
• /etc/hosts - Domain resolution

Mitigation: Review generated configurations before deployment.

Site Manager makes network requests to:

• GitHub API (for updates)
• Let's Encrypt servers (for SSL certificates)
• Package repositories (for software installation)

Mitigation: Use on trusted networks and verify SSL certificates.

The new enhanced installer includes additional security measures:

• File verification: Post-download integrity checks
• Dependency validation: Secure installation of required packages
• Error handling: Prevents incomplete installations that could compromise security
• Source verification: Downloads only from official GitHub Releases

Security Note: The installer downloads from both raw.githubusercontent.com (installer script) and GitHub Releases (main application), both secured with HTTPS and GitHub's security infrastructure.

Security updates will be released as:

1. Critical: Immediate patch release
2. High: Within 1 week
3. Medium: Next minor version
4. Low: Next major version

Subscribe to releases on GitHub to stay informed about security updates.

We appreciate security researchers who help improve Site Manager's security. Contributors will be acknowledged in release notes (with permission).

For security-related questions that are not vulnerabilities:

• Open a GitHub Discussion
• Tag with "security" label
• Check existing security documentation

Thank you for helping keep Site Manager secure! 🔒