# Security Policy

Evolution Foundation takes the security of Evolution API seriously. We
appreciate your efforts to responsibly disclose any vulnerabilities you find.

## Reporting a Vulnerability

**Please do NOT open a public GitHub issue for security vulnerabilities.**

Instead, report them privately through one of the following channels:

### Preferred channels

1. **GitHub Private Vulnerability Reporting** — use the "Security" tab on this
   repository to submit a private advisory.

2. **Email** — send your report to **suporte@evofoundation.com.br** with the
   subject line `[SECURITY] Evolution API — <brief description>`.

### What to include

To help us triage and resolve the issue quickly, please include:

- A clear description of the vulnerability
- Steps to reproduce (proof of concept, if available)
- Affected versions
- Potential impact and severity assessment
- Any suggested mitigation or fix
- Your name and contact information (for credit, if desired)

## Response Timeline

| Stage | Target |
|---|---|
| Initial acknowledgment | Within 48 hours |
| Triage and validation | Within 5 business days |
| Fix development | Depends on severity (1–30 days) |
| Public disclosure | Coordinated with reporter after fix is released |

## Disclosure Policy

We follow a coordinated disclosure model:

1. You report the vulnerability privately
2. We acknowledge receipt and begin triage
3. We work with you to understand and validate the issue
4. We develop, test, and release a fix
5. We publicly disclose the vulnerability and credit you (unless you prefer
   to remain anonymous)

## Supported Versions

Security updates are provided for the latest released version. Older versions
may receive critical security fixes at our discretion.

## Recognition

We value the security research community. Researchers who responsibly disclose
vulnerabilities will be:

- Credited in the security advisory (with permission)
- Listed in our acknowledgments page (when available)
- Eligible for public recognition via Evolution Foundation channels

---

For general inquiries (non-security): **suporte@evofoundation.com.br**

For more information: [evolutionfoundation.com.br](https://evolutionfoundation.com.br)
