kubemq 1.0.0

KubeMQ Rust SDK - Message broker client for events, commands, queries, and queues
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

# Security Policy

## Supported Versions

| Version | Supported |
|---------|-----------|
| 1.0.x | Yes |

## Reporting a Vulnerability

If you discover a security vulnerability, please report it responsibly:

1. **Do not** open a public GitHub issue
2. Email security@kubemq.io with:
   - Description of the vulnerability
   - Steps to reproduce
   - Impact assessment
   - Any suggested fixes

We will acknowledge receipt within 48 hours and provide a timeline for a fix.

## Security Features

- **TLS/mTLS:** All connections can be secured with TLS 1.2+ via rustls
- **Authentication:** Auth token support via gRPC metadata
- **Credential Provider:** Pluggable token refresh with expiration handling
- **No unsafe code:** The SDK does not use `unsafe` blocks
- **Dependency auditing:** `cargo audit` runs in CI via rustsec/audit-check

## Dependencies

We monitor dependencies for known vulnerabilities using:

- `cargo audit` in CI
- Dependabot alerts on GitHub
- Minimal dependency footprint

## Best Practices

- Always use TLS in production
- Rotate auth tokens regularly
- Use the `CredentialProvider` trait for dynamic token management
- Keep the SDK updated to the latest version