| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
We take security seriously at HireSync. If you discover a security vulnerability, please follow these steps:
- DO NOT create a public GitHub issue
- Email [email protected] with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
We will acknowledge receipt within 24 hours and aim to:
- Confirm the vulnerability within 72 hours
- Release a patch within 7 days for critical issues
When deploying HireSync:
-
Azure AD Configuration
- Use least-privilege access
- Enable MFA for admin accounts
- Regular access reviews
-
Logic Apps Security
- Use managed identities
- Secure parameter handling
- Regular secret rotation
-
Resource Management
- Use RBAC effectively
- Monitor resource access
- Regular security audits
-
Data Protection
- Encrypt sensitive data
- Use secure communication
- Regular backup verification
HireSync implements:
- Azure AD authentication
- Role-based access control
- Audit logging
- Encryption at rest
- Secure API communication
- GDPR compliant
- SOC 2 compatible
- ISO 27001 aligned
Security updates are released as:
- Patch versions for critical fixes
- Minor versions for non-critical updates
Stay updated by:
- Watching our repository
- Following our security announcements
- Subscribing to our newsletter