Security

SECURITY.md

Security Policy

Supported Versions

We provide security updates for the supported release series. Check release notes for details.

Reporting a Vulnerability

If you discover a security vulnerability, please do NOT open a public issue. Email details to [email protected] with:

A clear description of the issue
Steps to reproduce
Potential impact and attack surface
Any suggested mitigations or fixes

We will acknowledge receipt within 48 hours and follow up with next steps.

Response Timeline

Acknowledgement: within 48 hours
Initial triage: within 7 days
Patch or mitigation: timeline depends on complexity and impact

Security Practices

Keep dependencies up to date and monitor advisories
Use secure password hashing and session handling
Validate and sanitize user input
Use HTTPS/TLS in production

Disclosures and Credits

We will credit security researchers who responsibly disclose issues unless they prefer to remain anonymous.

Contact: [email protected]

There aren’t any published security advisories