Please do not open GitHub issues or pull requests - this makes the problem immediately visible to everyone, including malicious actors.
Security issues in this open-source project can be safely reported to Tatum's HelpDesk.
Tatum's security team will triage your report and respond according to its impact on Tatum users and systems.
All API calls use SSL by default. For security reasons, please never set `CURLOPT_SSL_VERIFYPEER = 0` or `CURLOPT_SSL_VERIFYHOST = 0` in cURL requests.
If you receive an `ApiException` related to SSL, please make sure you have configured your cURL and SSL correctly.
- Download `cacert.pem` or use the one that came with your PHP installation
- Edit `php.ini` and set the following:

  ```ini
  curl.cainfo = "{path to cacert.pem}"
  openssl.cafile = "{path to cacert.pem}"
  ```
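A preflight check for the two `php.ini` directives above, as an added example that is not part of the Tatum SDK. The function names are hypothetical, and the script assumes it is run from the PHP CLI and that both directives are expected to be set, as the steps above instruct.

```php
<?php
declare(strict_types=1);

// Added example: function names are hypothetical, not part of the Tatum SDK.

/** Returns a list of problems with the CA bundle at $path (empty means OK). */
function caBundleProblems(string $path): array
{
    if ($path === '') {
        return ['not set'];
    }
    if (!is_file($path) || !is_readable($path)) {
        return ["file not readable: $path"];
    }
    $pem = (string) file_get_contents($path);
    $count = preg_match_all(
        '/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s',
        $pem,
        $blocks
    );
    if (!$count) {
        return ["no PEM certificates in $path"];
    }
    // Parse the first certificate to catch a truncated or corrupted download.
    if (extension_loaded('openssl') && openssl_x509_parse($blocks[0][0]) === false) {
        return ["first certificate in $path does not parse"];
    }
    return [];
}

/** Checks both php.ini directives; returns directive => list of problems. */
function tlsConfigProblems(): array
{
    $report = [];
    foreach (['curl.cainfo', 'openssl.cafile'] as $directive) {
        // ini_get() returns false when the directive is unknown (extension missing).
        $problems = caBundleProblems((string) ini_get($directive));
        if ($problems !== []) {
            $report[$directive] = $problems;
        }
    }
    return $report;
}

$report = tlsConfigProblems();
foreach ($report as $directive => $problems) {
    fwrite(STDERR, $directive . ': ' . implode('; ', $problems) . PHP_EOL);
}
exit($report === [] ? 0 : 1); // non-zero exit lets a deploy step fail closed
```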
Never disclose your Tatum API keys and never hard-code them in plain text in your code.
❌ BAD

```php
new \Tatum\Sdk('mainnet-key', 'testnet-key');
```

✅ GOOD

```php
// Keys passed as environment variables
new \Tatum\Sdk(getenv('TATUM_MAINNET_KEY'), getenv('TATUM_TESTNET_KEY'));

// Keys loaded from an external source
new \Tatum\Sdk($tatumMainnetKey, $tatumTestnetKey);
```

The following releases are currently supported with security updates:

Version | Supported |
---|---|
2.x.x | ✅ |
1.0.x | ❌ |
Please switch to one of the supported versions as soon as possible.