The following versions of the library are currently supported with security updates:

| Version | Supported |
|---|---|
| 1.x | ✅ |
| < 1.0 | ❌ |

If you discover a security vulnerability within this project, please send an email to the security team at security@maatify.dev. All security vulnerabilities will be promptly addressed.

Please do not open public issues for security vulnerabilities.

We ask that you do not publicly disclose the issue until we have had a chance to address it. We will make every effort to resolve the issue in a timely manner.
This library provides the following security guarantees:
- Severity Integrity: Critical system errors (5xx) cannot be accidentally masked or downgraded to client errors (4xx) by wrapping them in business logic exceptions.
- Taxonomy Enforcement: Error categories are immutable and strictly typed, preventing attackers from manipulating error responses to hide system failures.
- Strict Typing: All exception handling relies on strict PHP typing, minimizing the risk of type confusion vulnerabilities.
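As an added example (not the library's own code or API) of how these three guarantees can be enforced together in strictly typed PHP, the sketch below uses hypothetical names (`ErrorCategory`, `CategorizedException`, `SystemException`, `BusinessException`, `resolveCategory`) and assumes PHP 8.1 or later for enums and readonly properties:

```php
<?php
declare(strict_types=1);

// Added illustration, not the library's own code. Models severity integrity,
// an immutable taxonomy and strict typing with hypothetical names; PHP 8.1+.

enum ErrorCategory: string
{
    case System = 'system';     // server-side failure, maps to 5xx
    case Business = 'business'; // client/validation problem, maps to 4xx

    public function httpStatus(): int
    {
        return match ($this) {
            self::System => 500,
            self::Business => 400,
        };
    }
}

abstract class CategorizedException extends RuntimeException
{
    public function __construct(
        string $message,
        // readonly + enum type: the category is fixed at construction and
        // cannot be reassigned later or supplied as a free-form string.
        public readonly ErrorCategory $category,
        ?Throwable $previous = null,
    ) {
        parent::__construct($message, 0, $previous);
    }
}

final class SystemException extends CategorizedException
{
    public function __construct(string $message, ?Throwable $previous = null)
    {
        parent::__construct($message, ErrorCategory::System, $previous);
    }
}

final class BusinessException extends CategorizedException
{
    public function __construct(string $message, ?Throwable $previous = null)
    {
        parent::__construct($message, ErrorCategory::Business, $previous);
    }
}

/**
 * Walk the whole exception chain and return the most severe category found,
 * so a system failure wrapped in a business exception is never downgraded
 * to a client error. Throwables without a category are treated as system
 * failures (fail closed).
 */
function resolveCategory(Throwable $e): ErrorCategory
{
    for ($cur = $e; $cur !== null; $cur = $cur->getPrevious()) {
        if (!$cur instanceof CategorizedException
            || $cur->category === ErrorCategory::System) {
            return ErrorCategory::System;
        }
    }
    return ErrorCategory::Business;
}

// Usage: a storage failure is caught and rethrown as a business-logic error.
try {
    try {
        throw new SystemException('database connection refused');
    } catch (SystemException $inner) {
        throw new BusinessException('order could not be placed', $inner);
    }
} catch (Throwable $e) {
    $category = resolveCategory($e);
    http_response_code($category->httpStatus());
    // Only the category reaches the client; exception messages are not
    // sanitized here, so they stay server-side (log them, do not echo them).
    echo json_encode(['error' => $category->value]), PHP_EOL;
}
```

Because `resolveCategory` follows `getPrevious()` and treats any `System` or uncategorized throwable as a system failure, the wrapped database error in the usage block is reported as `system` with a 500 status rather than the outer exception's `business`/400. The `readonly`, enum-typed property is what makes the taxonomy immutable: with `strict_types=1` a caller cannot pass a string or integer where an `ErrorCategory` is expected, and nothing can overwrite the category after construction.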
The following are considered out of scope for this library:
- Transport Layer Security: This library does not handle HTTP transport or TLS encryption.
- Web Framework Integration: While compatible with any framework, security issues arising from improper integration (e.g., exposing stack traces in production) are the responsibility of the application developer.
- Message Content: The library does not sanitize exception messages. Developers must ensure sensitive data is not included in exception messages.