SECURITY.md

Security Policy

Supported Versions

We take security seriously and aim to support the latest stable versions of our project. Below is a list of the versions currently supported with security updates:

Version Supported
1.x
0.x

Reporting a Vulnerability

If you discover a security vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. Please follow the guidelines below for reporting vulnerabilities:

Guidelines

  1. Do not publicly disclose the vulnerability: We request that you do not publicly disclose the vulnerability until we have had a chance to investigate and address it.

  2. Provide detailed information: When reporting a vulnerability, please include as much information as possible to help us understand and reproduce the issue. This should include:

    • A description of the vulnerability and its impact.
    • Detailed steps to reproduce the vulnerability.
    • Any relevant logs, screenshots, or supporting documentation.

  3. Contact us privately: Please send your vulnerability report to our dedicated security team. We will respond to acknowledge receipt of your report and begin the investigation.

Response Time

We aim to respond to vulnerability reports within 48 hours. During the investigation, we may contact you for additional information to help us understand and resolve the issue.

Handling Vulnerabilities

  1. Investigate: Our security team will investigate the reported vulnerability to understand its impact and determine the best course of action.

  2. Fix: We will develop and test a fix for the vulnerability.

  3. Advisory: Once the fix is ready, we will issue a security advisory to inform our users about the vulnerability and the steps they need to take to protect themselves. We will credit the reporter of the vulnerability, unless they prefer to remain anonymous.

  4. Update: We will release a new version of the project that includes the fix.

  5. Communication: We will communicate with you throughout the process to ensure you are informed of our progress and actions.

Security Best Practices

In addition to reporting vulnerabilities, we encourage all users and contributors to follow these security best practices:

  • Keep your software up to date: Regularly update to the latest versions to benefit from security patches and improvements.
  • Use strong, unique passwords: Avoid using common passwords and consider using a password manager to generate and store secure passwords.
  • Enable two-factor authentication (2FA): If available, enable 2FA for your accounts to add an extra layer of security.

Acknowledgements

We appreciate the efforts of the security community in identifying and responsibly disclosing vulnerabilities. Thank you for helping us keep our project secure.


If you have any questions or need further assistance, please reach out to us.