SECURITY.md

Security Policy

Supported Versions

We release patches and updates for the following versions of the project. Please make sure you are using a supported version to ensure you receive security updates and fixes.

Version Supported
1.0.x
< 1.0

Only the latest major and minor versions of the project are supported. For older versions, you may not receive security patches.

Reporting a Vulnerability

We take the security of our project seriously. If you discover any security vulnerabilities, we encourage you to report them so that we can address the issue promptly and appropriately.

Steps for Reporting

  1. Do not disclose publicly: Please avoid sharing the details of the vulnerability in a public space such as GitHub discussions or public issues.

  2. Open a private issue:

    • Go to our GitHub Issues section.
    • Create a new issue with the label security and mark it confidential if possible, or ensure that the issue is not visible publicly.
  3. Provide necessary details:

    • Description: Provide a detailed description of the vulnerability.
    • Reproduction steps: Include clear steps on how to reproduce the vulnerability.
    • Impact: Describe the potential impact or risk posed by the vulnerability.
    • Recommendations: If possible, include any recommended fixes or mitigations.
  4. Response timeline:

    • We aim to acknowledge receipt of your vulnerability report within 3 business days.
    • We will follow up with updates during our investigation, and you will be informed when the issue is resolved.
    • For high-priority vulnerabilities, we may issue an immediate patch or update.

Additional Information

  • We appreciate your help in keeping this project secure and ask that you act in good faith when disclosing vulnerabilities.
  • We request that you give us sufficient time to address any reported issues before publicly disclosing them.
  • If the vulnerability poses a significant risk, we may work with the broader community to release a security advisory or update the documentation to reflect the changes.

Thank you for your help in keeping our project secure!