We only provide security updates for the latest major version of ngx-otp-inputs.
Please update to the most recent release before submitting a security report.
| Version | Supported |
|---|---|
| latest | ✅ |
| < latest | ❌ |
If you discover a security vulnerability in ngx-otp-inputs, please help us by reporting it privately.
Do not create a public GitHub issue for security problems.
Send an email to:
Please include:
- A detailed description of the vulnerability.
- Steps to reproduce it.
- Any possible fixes or workarounds.
We aim to:
- Acknowledge your report within 48 hours.
- Provide a status update within 5 working days.
- Release a fix as soon as possible, depending on complexity.
Security issues include (but are not limited to):
- Remote Code Execution (RCE)
- Cross-Site Scripting (XSS)
- Data leaks or exposure of sensitive information
- Unauthorized access or privilege escalation
The following are not considered security issues:
- General bugs or crashes (please report via GitHub Issues)
- Feature requests
- Compatibility issues with unsupported browsers or Angular versions
We kindly request that you:
- Report the issue privately first.
- Allow us reasonable time to investigate and release a fix.
- Avoid publicly disclosing details until the fix has been released.
Thank you for helping keep ngx-otp-inputs and its users safe.