We strive to keep Semafy secure for everyone. We welcome your help in disclosing vulnerabilities responsibly.
Version | Supported |
---|---|
2.x.x | ✅ |
1.x.x | ❌ |
0.0.x | ❌ |
If you have discovered a security vulnerability, please report it privately to us as follows:
- Go to the project's Security tab on GitHub.
- Click on "Report a vulnerability".
Please include as much information as possible with your report, such as:
- A description of the vulnerability
- Steps to reproduce or proof-of-concept
- Potential impacts of the vulnerability
We appreciate your efforts to responsibly disclose your findings and will respond in kind to acknowledge, investigate and fix your report in a timely and transparent manner.
After the submission:
- Your submission will be reviewed and validated.
- We will contact you to acknowledge receipt of your report.
- You will receive updates as we investigate and work on resolving the issue.
- Once the issue is resolved, an update will be released, and you will be credited for your contribution (unless you prefer to remain anonymous).