Found a security issue in fli.so? Let's fix it ASAP:
- DO NOT disclose publicly
- Email [email protected] with:
  - What's broken
  - How to reproduce
  - Potential impact
  - Fix ideas (if you have any)
Response timeline:
- 2 hours: Initial response
- 24 hours: Assessment & action plan
- 48 hours: Fix implementation target
We're a startup - we move fast on security issues.
✅ In Scope:
- fli.so web app
- API endpoints
- Auth systems
- URL shortening
- PocketBase instance
- Data handling
❌ Out of Scope:
- Third-party services
- Physical access required
- Social engineering
- DoS/DDoS
- Automated scanner results
Security measures:
- HTTPS everywhere
- Input validation
- XSS protection
- CSRF protection
- Rate limiting
- Data encryption
- Secure sessions
Latest version only - we move fast.
We'll credit security researchers who help us (with permission).
Questions? [email protected]