Supported Versions
Security fixes are released for the latest published minor version.
Reporting a Vulnerability
Please do not open public issues for security reports.
Use GitHub private vulnerability reporting when available, or contact the maintainers through the repository owner organization. Include:
- affected version
- impact
- reproduction steps
- any relevant request/response shape with credentials and personal data removed
We will acknowledge valid reports, coordinate a fix privately and publish a patched release when needed.
Credential Handling
FactorialHR accepts API keys and bearer access tokens at runtime. The
library does not store credentials, refresh tokens or tenant data.
Never include real Factorial credentials, employee data or customer payloads in issues, pull requests, tests or documentation.