We take security seriously at Crystal Studio Labs. This document outlines our security policy and guidelines for reporting vulnerabilities responsibly.
If you discover a security vulnerability in any of our projects, please do not open a public GitHub issue. Instead:
- Email: connect.crystalstudio@gmail.com
- Subject Line: [SECURITY] Vulnerability Report - [Project Name]
- Project name and affected version(s)
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Suggested fix (if you have one)
We will acknowledge receipt within 48 hours and provide a status update within 7 days.
- Zero-dependency design — We minimize external dependencies to reduce attack surface
- Clean, auditable code — Simple code is easier to review and maintain securely
- Regular updates — We maintain and update projects regularly
- Transparency — We disclose security issues openly after fixes are released
- Community focus — We value responsible disclosure and community feedback
- Confirm the vulnerability and understand its scope
- Develop a fix without public disclosure
- Test the fix thoroughly
- Release a patched version
- Announce the vulnerability and patch through release notes
- Credit the researcher (if they wish to be credited)
| Project | Version | Status | Security Patches |
|---|---|---|---|
| MenuForge | 1.2.0+ | Active | Yes, for 24 months |
| CrystalSystem.js | 1.0.0+ | Active | Yes, for 24 months |
| InkMD | Latest | Active | Yes, ongoing |
| Orion-Net | 1.0.2+ | Active | Yes, for 24 months |
| Orion-Deck | 1.0.2+ | Active | Yes, for 24 months |
| crystal-auth | Alpha | Early Access | Best-effort |
Legacy versions (more than 24 months old) are no longer supported. We recommend upgrading to the latest version.
We use the following practices to maintain security:
- Dependency review — We regularly audit our dependencies
- Code review — All changes go through peer review
- Minimal dependencies — We prefer zero-dependency designs where possible
- License compliance — We respect open-source licenses and comply with legal requirements
If there are any known security issues, they will be listed here with mitigation strategies.
Currently, no known security issues are documented.
If you have security-related questions that aren't vulnerability reports:
- Discord: Join our community
- Email: connect.crystalstudio@gmail.com
- GitHub Discussions: Crystal-Studio-Labs/discussions
We encourage all contributors to:
- Follow secure coding practices
- Report vulnerabilities responsibly
- Review code critically
- Suggest security improvements
- Stay updated with security advisories
Thank you for helping keep Crystal Studio Labs secure!
Made with ❤️ by the Crystal Studio Labs community
© 2026 Crystal Studio Labs. All rights reserved.