Security: ScottsSecondAct/RedisExample

Security Policy

Supported Versions

This project is a personal reference implementation. Only the latest commit on the main branch is supported.

Version    Supported
main       Yes

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

If you discover a security vulnerability, please report it privately via GitHub's private vulnerability reporting.

Include as much of the following as possible:

  • Type of issue (e.g. injection, authentication bypass, information disclosure)
  • Steps to reproduce
  • Affected file(s) and line numbers
  • Any proof-of-concept or exploit code
  • Impact assessment

You can expect an acknowledgement within 7 days and a resolution or status update within 30 days.

Scope

This is a demonstration project and is not intended for production use. Known limitations include:

  • No authentication or authorization
  • No input validation beyond basic model binding
  • Development configuration exposes Redis and Elasticsearch without credentials

If you find a vulnerability in the demonstrated pattern itself (cache-aside with Redis/Elasticsearch), that is still worth reporting.

Out of Scope

  • Vulnerabilities in third-party dependencies (report those to the respective projects)
  • Issues only reproducible with non-default or production configurations not present in this repo

There aren't any published security advisories