We actively maintain and support the latest stable version of this project.
Older versions may or may not receive security updates, depending on severity and available resources.
If you discover a security vulnerability, please report it privately and responsibly.
📧 Contact: [ report@jamesgober.dev ]
Please include:
- A clear description of the issue
- Steps to reproduce (if possible)
- The version or commit affected
- Your suggested fix or mitigation (optional)
Do not disclose security issues in GitHub issues, pull requests, public forums, or other visible channels.
We follow a coordinated disclosure process. When you report a valid security issue:
- We will acknowledge receipt within 3 business days
- We will investigate and respond with next steps
- You will be credited (with permission) if the issue is confirmed and resolved
Critical issues may result in priority patches, embargoes, or mitigations. We appreciate your discretion.
Security fixes are prioritized based on severity, exploitability, and impact. Minor issues may be resolved during regular maintenance cycles, while critical ones will be addressed immediately.
Submitting a vulnerability does not entitle you to compensation, a bounty, or any contractual relationship. All disclosures are voluntary unless a bounty program is explicitly published.
Thanks for helping make this project safer for everyone.