We currently support the following versions with security updates:
| Version | Supported |
|---|---|
| >=0.6.0 | ✅ |
| <= 0.5.9 | ❌ |
If you discover a security vulnerability, please do the following:
- Do not open an issue describing the vulnerability. This could expose the vulnerability to the public.
- Use GitHub's private vulnerability reporting feature to report the vulnerability directly. You can do this by using Github's private reporting feature of the repository and clicking "Report a vulnerability".
- Alternatively, you can contact us directly at security@darkrockmountain.com with the following details:
- A description of the vulnerability and its impact.
- Steps to reproduce the vulnerability.
- Any potential fixes you have in mind.
We will acknowledge your report within 48 hours and work with you to understand and address the issue promptly. We will keep you updated on our progress.
We prefer all communications to be in English.
- We will work with you to make a coordinated disclosure.
- Once a fix is implemented, we will release it and publish a security advisory.
- We will credit you for the discovery of the vulnerability if you wish to be credited.
- We aim to release security updates as soon as possible after a vulnerability is discovered.
- Security updates will be listed in the CHANGELOG with a detailed description of the changes.
We appreciate your efforts to improve the security of our project. Thank you for helping keep our project and community safe!
For any further questions regarding our security policy, please contact us at security@darkrockmountain.com.