The table below outlines the versions of DevTasks currently receiving active security updates.

| Version | Supported | Notes |
|---|---|---|
| 5.1.x | ✅ | Current stable branch. Receives active security patches and updates. |
| 5.0.x | ❌ | No longer supported. Please upgrade to a newer supported version. |
| 4.0.x | ✅ | Legacy LTS branch. Critical security patches only. |
| < 4.0 | ❌ | End of life. No security updates or support. |

We strongly recommend always running the latest stable release of DevTasks to ensure the highest level of security and performance.

We take the security of DevTasks seriously. If you believe you have found a security vulnerability in this project, please do not report it via public GitHub issues, discussions, or pull requests. Instead, please follow the disclosure process below so we can address the issue responsibly.

Please send a detailed email to shamilahmd12@gmail.com with the subject line "SECURITY VULNERABILITY - DevTasks".

In your report, please include:
- A description of the vulnerability and its potential impact.
- Step-by-step instructions (with a Proof of Concept or exploit script, if possible) to reproduce the issue.
- Details of the environment in which the issue was tested (e.g. OS, Node/Vite version, browser type/version).
- Any suggestions for mitigation or remediation.

Once you submit your report, you can expect the following response and remediation timeline:
- Acknowledgment: You will receive an email acknowledging receipt of your report within 48 hours.
- Triage & Investigation: We will investigate the issue and verify the vulnerability. During this phase, we may contact you for further details or clarification.
- Status Update: Within 5 business days of our initial acknowledgment, we will provide a status update indicating whether the vulnerability was accepted or declined.
- Resolution Plan: If the vulnerability is accepted, we will work on a patch and coordinate a release date. We will keep you updated throughout this process.
- Public Disclosure: Once the patch is released, we will coordinate public disclosure of the vulnerability. We will gladly credit you for the discovery in our release notes if you wish.

To protect our users and the community, we kindly ask that you follow these responsible disclosure principles:
- Give us reasonable time to investigate and patch the vulnerability before making any details public.
- Do not exploit the vulnerability beyond what is strictly necessary to demonstrate it as a Proof of Concept.
- Do not access, modify, or delete any user data that does not belong to you.
- Avoid launching Denial of Service (DoS) attacks or using automated scanning tools that generate high volumes of traffic.

Thank you for helping us keep DevTasks secure and resilient! 🛡️