Version | Supported |
---|---|
1.0.x | ✅ |
< 1.0 | ❌ |
If you discover a security vulnerability in this project, please follow these steps to report it:
-
Ensure Your Findings Are Valid: Before reporting a vulnerability, please ensure it is a genuine security issue. Avoid making it public until it has been resolved.
-
Contact Us Privately: Send an email to [email protected] with details about the vulnerability. Include the following information:
- A brief description of the vulnerability.
- Steps to reproduce or a proof-of-concept.
- Affected versions (if known).
- Any additional information that may be relevant.
-
Expect a Response: You should receive an acknowledgment of your report within 24 hours. We will work with you to verify and understand the issue.
-
Resolution Timeline: The time to resolve the issue may vary depending on its complexity and severity. We will keep you informed of our progress and let you know when we expect to release a fix.
-
Public Disclosure: Once the issue is resolved, we will coordinate with you on when and how the vulnerability will be publicly disclosed. We typically aim to do this responsibly and after providing a fix to affected versions.
-
Credit: If you report a valid security vulnerability that leads to a fix, you may be eligible for public acknowledgment and credit in our release notes or on our website. Please let us know if you wish to be credited.
Thank you for helping us keep our project secure.