At Farpy, we take security seriously. If you discover a vulnerability, we ask that you report it responsibly. Please follow the process outlined below to ensure that vulnerabilities are addressed in a timely and secure manner.
We will provide security updates for the following versions of Farpy:
| Version | Supported |
|---|---|
| 0.x.x | ✅ |
If you believe you have discovered a security vulnerability in Farpy, please follow these steps:
- Email: Send a report to our security team at:
  - Email: fernandothedev
- Details to Include: When reporting a vulnerability, please provide:
  - A clear and detailed description of the vulnerability.
  - Steps to reproduce the issue.
  - Any relevant code or data that can help us understand the problem.
- Timeline for Response: After you report the vulnerability, we will acknowledge receipt within 48 hours. We will provide an initial response with our findings and an estimated timeline for a fix.
- What Happens After: Once we have verified the vulnerability, we will work on a fix and release an update. If needed, we will issue a security advisory to inform users about the vulnerability and the necessary steps to mitigate it.
- Disclosure: We follow responsible disclosure practices. The vulnerability will not be disclosed publicly until a fix has been applied, ensuring that users are not at risk.
We encourage developers to follow best practices to ensure security in the Farpy project. This includes:
- Regularly updating dependencies and libraries.
- Performing static code analysis and vulnerability testing.
- Writing secure code to prevent common vulnerabilities.