We currently support the following versions with security updates:
| Version | Supported |
|---|---|
| 1.x.x | β |
We take the security of Juniper Leaves seriously. If you discover a security vulnerability, please follow these steps:
DO NOT open a public issue for security vulnerabilities.
Instead, please report security vulnerabilities to:
- Email: kevin@cascadiacollections.com
- Subject: [SECURITY] Vulnerability Report for Juniper Leaves
Please include the following information in your report:
- A description of the vulnerability
- Steps to reproduce the issue
- Possible impact of the vulnerability
- Any suggested remediation steps
- Your contact information for follow-up
- Initial Response: We aim to acknowledge receipt within 24 hours
- Assessment: We will assess the vulnerability within 48 hours
- Resolution: We will work to resolve confirmed vulnerabilities as quickly as possible
- Disclosure: We will coordinate with you on responsible disclosure timing
This security policy applies to:
- The main Juniper Leaves website and application
- Build and deployment processes
- Dependencies with known vulnerabilities
The following are generally out of scope:
- Issues in third-party services we don't control
- Social engineering attacks
- Physical security issues
We appreciate security researchers who help keep our project safe. With your permission, we'd be happy to acknowledge your contribution in our security advisories.
- Keep dependencies up to date
- Follow secure coding practices
- Use strong authentication for accounts with access to the repository
- Enable two-factor authentication on GitHub accounts
- Keep your browser up to date
- Be cautious when entering personal information
- Report any suspicious activity
If you have any questions about this security policy, please contact kevin@cascadiacollections.com.