Skip to content

Security: kashkoool/Transport

Security

SECURITY.md

Security Policy

Supported Versions

This project ships from main. Security fixes are applied to the latest released images and to main; older tags are not patched.

Version Supported
main / latest
older tags

Reporting a Vulnerability

Please report security vulnerabilities privately — do not open a public issue, pull request, or discussion for a suspected vulnerability.

Report through GitHub's private vulnerability reporting:

This opens a private GitHub Security Advisory visible only to you and the maintainers.

When reporting, please include:

  • a description of the vulnerability and its impact,
  • the affected component, endpoint, or file,
  • clear steps to reproduce (proof-of-concept if available),
  • any suggested remediation.

Response Expectations

  • Acknowledgement: within 3 business days of your report.
  • Assessment & triage: within 7 business days, with an initial severity rating.
  • Fix & disclosure: we aim to ship a fix and coordinate public disclosure within 90 days, sooner for actively exploited or critical issues.

Please give us a reasonable opportunity to remediate before any public disclosure. We will keep you informed of progress and credit you in the advisory if you wish.

There aren't any published security advisories