This document describes how to report and handle security issues for IPL, the interpreted programming language written in Rust.
Only the latest release and the main branch are supported for security fixes.
| Version | Supported |
|---|---|
main (development) |
✅ |
| Latest release tag | ✅ |
| Older versions | ❌ |
If you find a security vulnerability, do not open a public issue or pull request.
To report it safely:
- Go to the project’s GitHub repository.
- Navigate to the “Security” tab.
- Click “Report a vulnerability.”
- Fill out all requested information, including:
- Description of the issue
- Steps to reproduce
- Expected impact
- (Optional) proof of concept
I will review your report and respond privately.
- The report is verified and rated for severity.
- A private patch branch is created and tested.
- When resolved:
- A new release is published.
- The issue is noted in the changelog.
- The reporter is credited if they choose.
Please keep security reports confidential until a fix is released. Coordinated disclosure protects users and the integrity of the project.
Thank you for helping keep IPL secure