This project maintains security updates for the following versions:
| Version | Supported |
|---|---|
| Latest (main branch) | ✅ |
| Previous release | ✅ |
| Older releases | ❌ |
Note: As this is an active game project, we recommend always using the latest version from the main branch for the best security and features.
We take security seriously and appreciate your help in keeping Turn-Based Tank Tactics secure for all players.
For security vulnerabilities, please do NOT create a public issue. Instead:
- Email: Send details to [security@your-domain.com] (replace with actual contact)
- Include:
- Detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any suggested fixes (if you have them)
- Response Time: We aim to acknowledge receipt within 48 hours
- Initial Assessment: Within 5 business days, we'll provide an initial assessment
- Updates: We'll provide status updates at least weekly during investigation
- Resolution: Timeline depends on severity, but we prioritize security fixes
- Authentication bypasses (Firebase auth issues)
- Client-side data manipulation that affects game integrity
- Cross-site scripting (XSS) vulnerabilities
- Privacy issues with user data handling
- Unauthorized access to player accounts or game data
If Accepted:
- We'll work on a fix and coordinate disclosure timing with you
- You'll be credited in our security acknowledgments (if desired)
- We'll notify you when the fix is deployed
If Declined:
- We'll explain why we don't consider it a security vulnerability
- We may still address it as a regular bug if applicable
- Keep your browser updated
- Use strong, unique passwords for your game account
- Don't share account credentials
- Report suspicious behavior or potential cheating
This security policy covers:
- The main game application
- Authentication and user management systems
- Data handling and privacy protections
- Client-side security measures
Out of Scope:
- Third-party dependencies (report directly to their maintainers)
- Social engineering attacks
- Physical access to user devices
Thank you for helping keep our game secure! 🛡️🎮