We actively support the following versions of Mister.Version with security updates:

| Version | Supported | .NET Versions |
|---|---|---|
| 1.x.x | ✅ | 8.0, 9.0, 10.0 |
| < 1.0 | ❌ | - |

We take the security of Mister.Version seriously. If you discover a security vulnerability, please follow these steps:
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, please report security vulnerabilities by:
- Using GitHub's Security Advisory feature: Report a vulnerability
- Or emailing us directly at: security@mister-version.dev
Please include as much of the following information as possible:
- Type of vulnerability
- Full paths of source file(s) related to the vulnerability
- Location of the affected source code (tag/branch/commit or direct URL)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the vulnerability, including how an attacker might exploit it
After you submit a report, you can expect:
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Investigation: We will investigate and validate the vulnerability
- Updates: We will keep you informed about our progress
- Fix Timeline: We aim to release a fix within 90 days for confirmed vulnerabilities
- Credit: We will credit you in the security advisory (unless you prefer to remain anonymous)
When using Mister.Version in your projects:
- Keep Updated: Always use the latest stable version
- Review Permissions: Ensure your CI/CD pipelines have minimal necessary permissions
- Validate Input: When using configuration files, validate their sources
- Audit Dependencies: Regularly review and update dependencies
- Monitor Advisories: Watch this repository for security advisories
Mister.Version includes the following security considerations:
- Read-only Git repository access
- No external network calls except for Git operations
- Configuration validation
- Safe file system operations
When we receive a security vulnerability report:
- We will confirm the vulnerability and determine its severity
- We will develop a fix and prepare a release
- We will coordinate disclosure with the reporter
- We will publish a security advisory
- We will credit the reporter (if they wish)
If you have suggestions on how this process could be improved, please submit a pull request or open an issue.
Thank you for helping keep Mister.Version and its users safe!