We release patches for security vulnerabilities. Which versions are eligible to receive such patches depends on the CVSS v3.0 rating:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

Please report (suspected) security vulnerabilities to [email protected]. You will receive a response within 48 hours. If the issue is confirmed, we will release a patch as soon as possible, depending on complexity, but historically within a few days.

- Keep dependencies updated: Regularly update all dependencies to their latest secure versions
- Use secure storage: Never commit secrets, API keys, or credentials to the repository
- Validate input: Always validate and sanitize user input
- Use HTTPS: Always use HTTPS for network communications
- Follow the principle of least privilege: Grant the minimum necessary permissions
- Regular security audits: Perform regular security audits and penetration testing
- We follow responsible disclosure practices
- Security vulnerabilities will be disclosed after a patch is available
- We will credit security researchers who responsibly disclose vulnerabilities
Security updates will be released as:
- Patch versions for critical vulnerabilities
- Minor versions for important security improvements
- Major versions for significant security architecture changes
For security-related questions or concerns, please contact:
- Email: [email protected]
- PGP Key: [Add your PGP key fingerprint here]