The following versions of the project are currently supported with security updates. We recommend using a supported version to ensure you receive the latest security patches.
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
If you discover a security vulnerability in this project, we appreciate your help in disclosing it responsibly. Please follow these steps to report a vulnerability:
-
Where to Report:
- Email your findings to [email protected]. Include a detailed description of the vulnerability, steps to reproduce, and potential impact.
- Alternatively, use the GitHub Security Advisory feature to privately report the issue: Create a Security Advisory.
-
Response Time:
- You can expect an initial acknowledgment of your report within 48 hours.
- We aim to provide a detailed response and resolution plan within 7 business days.
-
What to Expect:
- If the vulnerability is accepted, we will work on a fix and release it in a timely manner, keeping you informed of the progress.
- If the vulnerability is declined (e.g., not applicable or low severity), we will provide a clear explanation of our reasoning.
- We may request additional information to verify or reproduce the issue.
-
Disclosure:
- We encourage responsible disclosure and will coordinate with you on when and how to publicly disclose the vulnerability after a fix is released.
- Credit will be given to reporters in our release notes unless you prefer to remain anonymous.
Please do not disclose the vulnerability publicly until we have had a chance to address it. Thank you for helping keep our project secure!