Security Transparency
Our commitment to security updates and vulnerability response
Security Update Policy
We take security seriously and are committed to transparency about how we handle vulnerabilities and security updates. This page documents our security practices and response timelines, and provides a changelog of security-related updates.
Vulnerability Response
When security vulnerabilities are identified in KEAMS or its dependencies, we follow a structured response process:
- Critical vulnerabilities: Patched within 24-48 hours of disclosure
- High severity: Patched within 1 week
- Medium/Low severity: Addressed in regular release cycles
- All patches are tested before deployment to ensure stability
Dependency Management
We actively monitor and maintain our dependencies to ensure security:
- Regular npm/pnpm audit scans for known vulnerabilities
- Automated Dependabot alerts for security advisories
- Critical dependencies updated within 48 hours of security advisory
- Quarterly review of all dependencies for security posture
Security Changelog
A record of security-related updates and patches applied to KEAMS:
| Date | Category | Description | Status |
|---|---|---|---|
| 2025-10-03 | Vulnerability | Critical Redis vulnerability CVE-2025-49844 does not affect our systems as we use Vercel KV (managed Upstash Redis). | Resolved |
| 2025-12-04 | Vulnerability | Critical vulnerability in Next.js App Router related to CVE-2025-55182. Patched by upgrading to Next.js 15.4.8. | Resolved |
| 2025-12-04 | Vulnerability | Critical remote code execution vulnerability in React Server Components affecting React 19.x. Patched by upgrading to React 19.1.2/19.2.1 and Next.js 15.4.8. | Resolved |
Reporting Security Issues
If you discover a security vulnerability in KEAMS, please report it to support@mail.kodydennon.com. We follow responsible disclosure practices and will respond within 48 hours.
Responsible Disclosure
Please allow us reasonable time to address vulnerabilities before public disclosure. We commit to keeping you informed throughout the process and will credit researchers who report valid vulnerabilities.