We currently support the following versions with security updates:

We take security seriously. If you discover a security vulnerability, please follow these steps:

Please do not open a public GitHub issue for security vulnerabilities.

Email us at security@cloudshell.dev with:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Initial assessment: Within 5 business days
• Fix timeline: Based on severity
  • Critical: 7 days
  • High: 14 days
  • Medium: 30 days
  • Low: 60 days

We follow responsible disclosure:

• We'll work with you to understand and fix the issue
• We'll credit you in the security advisory (unless you prefer anonymity)
• We'll publicly disclose after the fix is released

1. Keep your browser updated: Ensure you're using the latest browser version
2. Use strong authentication: Enable MFA on your Cloudflare account
3. Report suspicious activity: Contact us if you notice unusual behavior

1. No any types: All code must use strict TypeScript
2. Input validation: All user inputs are validated and sanitized
3. Security headers: CSP, HSTS, and other headers are enforced
4. Rate limiting: Requests are rate-limited to prevent abuse

CloudShell implements the following security measures:

• CSWSH Protection: Origin validation on WebSocket connections
• CSP Headers: Strict Content Security Policy with nonces
• Rate Limiting: 10 req/min WebSocket, 30 req/min HTTP
• Input Validation: All inputs validated and sanitized
• Session Timeouts: 30-minute idle timeout
• No any types: Full TypeScript strict mode

• OWASP Top 10
• Cloudflare Security
• MDN Web Security