Security Policy

This Bigstack Open Source Project adheres to the Bigstack co. Itd Vulnerability Reporting Policy.

Version: 31 Mar 2025

How To Report a Vulnerability

If you think you have found a vulnerability in this repository, please report it to us through coordinated disclosure.

Please do not report security vulnerabilities through public issues, discussions, or change requests.

Instead, report it using one of the following ways:

Please include as much of the information listed below as you can to help us better understand and resolve the issue:

The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
Affected version(s)
Impact of the issue, including how an attacker might exploit the issue
Step-by-step instructions to reproduce the issue
The location of the affected source code (tag/branch/commit or direct URL)
Full paths of source file(s) related to the manifestation of the issue
Configuration required to reproduce the issue
Log files that are related to this issue (if possible)
Proof-of-concept or exploit code (if possible)

This information will help us triage your report more quickly.

This policy applies to all open source projects developed, maintained, or hosted by Bigstack.

For supported versions please refer to the product lifecycle matrix.

Thank you to all who report security vulnerabilities to us.

This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date.

If you have any questions about this Security Policy, please contact us at security@bigstack.co.