EnderHaven

Security Notice

Account safety guidance and responsible reporting for security vulnerabilities.

Security Notice

Protect your account

Use a unique password, enable passkeys when available, protect your email account, and never share one-time codes. Review the domain before entering credentials. Official EnderHaven pages use enderhaven.com.

Protect API and payment credentials

Client secrets, server keys, SMTP passwords, webhook secrets, and private tokens must never be posted in project files, screenshots, public repositories, support chats, or comments. Rotate any secret that may have been exposed.

Responsible disclosure

Send vulnerability reports to security@enderhaven.com with:

  • A clear description of the issue
  • Affected URL or feature
  • Reproduction steps
  • Expected and actual behavior
  • Potential impact
  • Screenshots or a minimal proof of concept when safe

Do not access data that is not yours, disrupt production services, perform denial-of-service testing, send spam, or publicly disclose an unresolved vulnerability.

Suspicious project files

Do not run a suspicious download on a production server. Preserve the project URL and version information, then submit a report through the website. EnderHaven may temporarily disable access while a file is reviewed.

No guaranteed bounty

Submitting a report does not create a right to payment. Any recognition or reward is decided separately by EnderHaven.

Discover
Choose a project category
Project types
Plugins, mods, shaders, resources, and more
Categories
Explore projects by purpose and gameplay
Search all projects
Search by project name or summary
Main menu