Thank you for helping keep EventStack secure! This document outlines the guidelines for reporting security issues and best practices.
We only provide security updates for the latest stable version of the project.
| Version | Supported |
|---|---|
| main | Yes |
| older | No |
If you discover a security vulnerability, please do not create a public issue.
Instead, report it directly and confidentially to the project maintainer.
Please include the following information:
- Description of the vulnerability
- Steps to reproduce (if applicable)
- The potential impact
- Suggested remediation (if known)
We will acknowledge your report within 72 hours and take appropriate action.
We ask that you:
- Do not publicly disclose the issue until it has been resolved.
- Avoid testing vulnerabilities in a way that could disrupt services.
- Act in good faith and with respect for user data and privacy.
If you're contributing code to the project, please keep these in mind:
- Avoid hardcoding secrets or tokens in the codebase.
- Sanitize and validate all user input.
- Keep dependencies up to date.
- Run security linters or scans (e.g., `bandit` for Python).
- Use HTTPS and secure data handling practices when applicable.
We appreciate the community's support in improving the security of EventStack. Thank you for acting responsibly and helping make open source better and safer for everyone.
We currently support and maintain the following versions of this project:
| Version | Supported |
|---|---|
| Latest | Yes |
| Older | No (no longer maintained) |
If you are using an older version, we recommend upgrading to the latest release for security and stability.
If you discover a security vulnerability, we encourage you to report it privately and responsibly to help us maintain a secure project.
Please email us at [email protected] with the following details:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact (if known)
- Any relevant screenshots, logs, or PoC (Proof of Concept)
Note: Do not publicly disclose the vulnerability until it has been investigated and resolved.
Alternatively, you may use GitHub's built-in Security Advisories feature to report issues.
We aim to respond to vulnerability reports within 72 hours of receipt. Depending on the severity and complexity of the issue, we may take longer to provide a fix.
You will be notified:
- Upon receipt of your report
- When the investigation is complete
- Once a fix is implemented and released
- When public disclosure is appropriate
We sincerely thank all contributors and researchers who help keep this project secure.
Thank you for helping us improve the security of this project!