We take security seriously. The following versions of our project are currently being supported with security updates:
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |
If you discover a security vulnerability, please report it to us as follows:
Do not report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities by:
- Using the Security Vulnerability Report template (this creates a private issue)
- Emailing security@yourdomain.com (if available)
- Contacting the maintainers directly through secure channels
Please include the following information in your report:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested fixes or mitigations
- Your contact information for follow-up
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Investigation: We will investigate the issue and work on a fix
- Updates: We will provide regular updates on our progress
- Resolution: Once fixed, we will notify you and publicly disclose the issue (with your permission)
We kindly ask that you:
- Give us reasonable time to fix the issue before public disclosure
- Avoid accessing or modifying user data
- Avoid denial-of-service attacks or other disruptive actions
We appreciate security researchers who help keep our project safe. With your permission, we will acknowledge your contribution in our security advisories.
If you have questions about our security policy, please contact us through the methods listed above.