Please do not report security vulnerabilities through public GitHub issues.
To report a security vulnerability, please use GitHub's Security Advisories feature:
- Go to the Security tab
- Click "Report a vulnerability"
- Fill in the details
Alternatively, you can email security concerns to the maintainers listed in the README.
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

- Initial response: Best effort
- We will work with you to understand and address the issue
- Public disclosure will be coordinated after a fix is available

When using crema:
- Validate cache keys to prevent injection attacks
- Use reasonable TTL values to avoid resource exhaustion
- Secure your cache provider (Redis/Memcached credentials, network access)
- Keep dependencies updated
- Review the security practices of any custom `CacheProvider` or `CacheStorageCodec` implementations
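
One way to apply the key-validation advice above before a key reaches a Redis- or Memcached-backed provider, as an added example that is not part of crema and does not use its API. Go, the function names, and the 250-byte limit (Memcached's key limit) are assumptions of this example, and the sample keys are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

const maxKeyLen = 250 // Memcached key limit in bytes (assumed backend)

var (
	ErrEmptyKey   = errors.New("cache key is empty")
	ErrKeyTooLong = errors.New("cache key exceeds 250 bytes")
	ErrKeyBadByte = errors.New("cache key contains whitespace or a control byte")
)

// ValidateCacheKey rejects keys that could split or terminate a command in a
// line-oriented cache protocol: empty keys, over-long keys, and any byte that
// is a space, a control character (including CR and LF), or DEL.
func ValidateCacheKey(key string) error {
	if key == "" {
		return ErrEmptyKey
	}
	if len(key) > maxKeyLen {
		return ErrKeyTooLong
	}
	for i := 0; i < len(key); i++ {
		if c := key[i]; c <= 0x20 || c == 0x7f {
			return ErrKeyBadByte
		}
	}
	return nil
}

// BuildCacheKey (hypothetical helper) keeps untrusted input out of the key
// text: the caller-chosen namespace is validated and the untrusted part is
// replaced by its SHA-256 hex digest, so the key has a fixed, safe alphabet.
func BuildCacheKey(namespace, untrusted string) (string, error) {
	if err := ValidateCacheKey(namespace); err != nil {
		return "", fmt.Errorf("namespace: %w", err)
	}
	sum := sha256.Sum256([]byte(untrusted))
	key := namespace + ":" + hex.EncodeToString(sum[:])
	return key, ValidateCacheKey(key)
}

func main() {
	for _, k := range []string{"user:42", "user:42\r\nget other", ""} { // constructed samples
		fmt.Printf("%q -> %v\n", k, ValidateCacheKey(k))
	}
	fmt.Println(BuildCacheKey("session", "a b\r\nset x"))
}
```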