The security of the apps maintained by RMUIF is incredibly essential. The code written for RMUIF is in production and secured primarily through Firebase Security Rules.

We offer only the rules necessary for the base app to function securely. Any custom features need to be covered by your own rules.

Previous versions of RMUIF apps supported updates via an upstream repository. With v3.0 and the move to Create React App templates, this is no longer possible. However, all apps using RMUIF, regardless of version, is supported with notifications on security updates.

Projects maintained by RMUIF use Dependabot to keep packages updated. We suggest you do the same for your project. It is easy to set up, and updates come in as pull requests. You also get notifications of vulnerabilities in packages you’re using.

If you think you have discovered a security vulnerability in the base app, do not hesitate to contact rmuif@phoqe.dev. Depending on the severity, it might be best to keep it from the public.