Performance - v1.0.0

Security

Security policy and per-release audit reports for the artisanpack-ui/performance package.

Reference Pages

  • security/audit-1.0.0 — Pre-release security audit for v1.0.0 (input validation, output escaping, authorization, file security, cache security, configuration security, code hygiene)

Reporting a Vulnerability

If you discover a security issue, please email me@jacobmartella.com directly rather than opening a public GitHub issue. You will receive an acknowledgement within two business days and a fix or mitigation plan in the following release.

Audit Cadence

Every major and minor release goes through a manual security review covering:

  • Input validation at every ingress (HTTP endpoints, Blade directive arguments, Livewire actions)
  • Output escaping in all Blade templates (both {{ }} and {!! !!} cases)
  • Authorization gates on admin surfaces (the performance dashboard is gate-protected out of the box)
  • File-path handling in image and cache pipelines
  • Cache key composition (no user-controlled cache keys without normalization)
  • Configuration surface — every option that touches an executable path or query is documented in the config file itself

Audit results are recorded per release under security/.

Known Advisories

None as of v1.0.0.