We actively support the following versions of Verisav Vocabularies with security updates:

| Version | Supported |
|---|---|
| 1.1.x | ✅ |
| 1.0.x | ✅ |
| < 1.0 | ❌ |

If you discover a security vulnerability in Verisav Vocabularies, please report it responsibly.

- Do NOT open a public GitHub issue
- Email security details to: security@verisav.fr
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- We will acknowledge receipt within 48 hours
- We will provide an initial assessment within 7 days
- We will keep you informed of our progress
- We will notify you when the vulnerability is fixed
- We follow responsible disclosure practices
- We will credit you (if desired) when the vulnerability is disclosed
- We will coordinate public disclosure with you

When using Verisav Vocabularies:

- Validate Input: Always validate RDF/OWL data before processing
- Use HTTPS: Always use HTTPS for vocabulary namespace URIs
- Content Negotiation: Use proper HTTP Accept headers
- Version Pinning: Pin to specific vocabulary versions in production
- Regular Updates: Keep vocabulary implementations up to date
- Large RDF files may cause memory issues - validate file sizes
- Malformed RDF may cause parser errors - always validate syntax
- External namespace resolution - be aware of network requests
- HTTP redirects (303) are used for namespace resolution
- Ensure your HTTP client follows redirects securely
- Validate content types returned by servers
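
One way a consumer could apply the HTTPS, Accept-header, redirect, content-type and size points above in a single fetch routine. This is an added example, not code from the Verisav project; the function names, allowed media types, size cap and redirect limit are assumptions to adapt.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit
# Assumed policy values (not from the project): adjust to what you expect.
ALLOWED_TYPES = ("text/turtle", "application/rdf+xml", "application/ld+json")
MAX_BYTES = 5 * 1024 * 1024
MAX_REDIRECTS = 5

class PolicyError(Exception): pass

def check_hop(url):
    """Accept only absolute https:// URLs, for the first request and every redirect."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise PolicyError(f"refusing non-HTTPS hop: {url!r}")
    return url

def check_response(content_type, content_length):
    """Validate the declared media type and size before parsing anything."""
    media = (content_type or "").split(";")[0].strip().lower()
    if media not in ALLOWED_TYPES:
        raise PolicyError(f"unexpected content type: {content_type!r}")
    if content_length is not None and (
            not content_length.isdigit() or int(content_length) > MAX_BYTES):
        raise PolicyError(f"bad or oversized Content-Length: {content_length!r}")
    return media

class _NoAutoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface 3xx as HTTPError so each hop is checked below

def fetch_vocabulary(url):
    """Fetch an RDF document, following redirects one checked hop at a time."""
    opener = urllib.request.build_opener(_NoAutoRedirect)
    for _ in range(MAX_REDIRECTS + 1):
        req = urllib.request.Request(check_hop(url), headers={"Accept": ", ".join(ALLOWED_TYPES)})
        try:
            resp = opener.open(req, timeout=10)
        except urllib.error.HTTPError as err:
            if err.code not in (301, 302, 303, 307, 308) or not err.headers.get("Location"):
                raise
            url = urljoin(url, err.headers["Location"])
            continue
        with resp:
            media = check_response(resp.headers.get("Content-Type"), resp.headers.get("Content-Length"))
            body = resp.read(MAX_BYTES + 1)  # hard cap even if the header is absent or wrong
        if len(body) > MAX_BYTES:
            raise PolicyError("body exceeds MAX_BYTES")
        return media, body
    raise PolicyError("too many redirects")
```

Pass the returned bytes to your RDF parser only after `fetch_vocabulary` succeeds, so syntax validation runs on input that already met the transport checks.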

For security-related questions or concerns:

- Email: security@verisav.fr
- PGP Key: [Available upon request]

Thank you for helping keep Verisav Vocabularies secure!