This document outlines the security practices and procedures for reporting and addressing vulnerabilities within this GitHub repository.
We provide security updates for the following versions:

| Version | Supported |
|---|---|
| 1.0.0 | ✅ Supported |
| < 1.0.0 | ❌ Not Supported |

Security updates are offered only for the latest version. Users are encouraged to upgrade to the latest supported version.
We encourage responsible disclosure of vulnerabilities and are committed to resolving all valid security issues swiftly.
To report a vulnerability, please use the GitHub vulnerability reporting form. This ensures your report is securely transmitted and reaches us promptly.
- We will acknowledge your report within 24-48 hours.
- Reports will be triaged based on severity and impact, and we’ll collaborate with you to confirm the issue.
- Critical vulnerabilities will be addressed as a priority, and a resolution timeline will be communicated.
- We request that vulnerabilities not be disclosed publicly until a fix is released.
- Reporters will be credited for their findings unless anonymity is requested.
This Security Policy applies to:
- Code, configurations, and resources within this repository.
- Direct dependencies managed and maintained by this repository.
Out-of-scope issues include:
- Vulnerabilities in third-party packages or libraries (though we will assist in reporting them to their maintainers).
- User-specific misconfigurations unrelated to the repository’s functionality.
Once a security vulnerability is patched:
- A new release will be published with a version number indicating the update (e.g., 5.2.1).
- A security advisory will detail the vulnerability, its impact, and the steps taken to address it.
- Users will be notified through release notes and/or repository announcements.
We prioritize collaboration with the community to ensure the security of this repository. Responsible disclosure fosters trust and helps maintain a secure ecosystem.
We value and appreciate the effort you take to notify us of potential vulnerabilities, and we aim to make this process transparent and collaborative.
Thank you for helping us maintain the security and integrity of this repository. Your contributions protect the community and support the project’s success!