Thank you for taking the time to improve the security of this project. We take security vulnerabilities seriously and appreciate your efforts to responsibly disclose any issues.
We actively support and apply security patches to the following versions of the project:
| Version | Supported |
|---|---|
| Latest | ✅ |
| Older | ❌ |
If you are using an unsupported version, we recommend upgrading to the latest version to ensure you receive security updates.
If you discover a security vulnerability, please follow these steps:
- Do not open a public issue. Instead, report the vulnerability via email to [email protected].
- Provide as much detail as possible, including:
  - A description of the vulnerability.
  - Steps to reproduce the issue.
  - Potential impact and severity.
  - Any suggested mitigation steps.
We will acknowledge receipt of your report within 48 hours and work to resolve the issue as quickly as possible. Once the vulnerability is resolved, we will notify you and provide credit for the responsible disclosure, if applicable.
When security vulnerabilities are patched, we will:
- Announce the fix in the repository’s release notes.
- Increment the version number and tag the release.
- Notify the community via [communication channels, e.g., email, social media].
We encourage all users to update to the latest version whenever a security patch is released.
We are committed to addressing vulnerabilities in:
- The core codebase of the project.
- Dependencies and third-party libraries used within the project.
However, vulnerabilities that arise from misconfiguration or improper usage outside of our control (e.g., deploying the application with insecure settings) are not covered under this policy.
If you have any security-related questions or need further clarification, please contact us at [email protected].