We release patches for security vulnerabilities. Currently supported versions:

If you discover a security vulnerability within this project, please send an email to the repository maintainers. All security vulnerabilities will be promptly addressed.

Please do not report security vulnerabilities through public GitHub issues.

When reporting a vulnerability, please include:

• Type of vulnerability
• Full paths of source file(s) related to the vulnerability
• Location of the affected source code (tag/branch/commit or direct URL)
• Any special configuration required to reproduce the issue
• Step-by-step instructions to reproduce the issue
• Proof-of-concept or exploit code (if possible)
• Impact of the issue, including how an attacker might exploit it

• We will acknowledge your report within 48 hours
• We will provide a more detailed response within 7 days
• We will keep you informed about the progress towards fixing the vulnerability
• We will notify you when the vulnerability is fixed

When using this project:

1. Always use the latest version
2. Keep all dependencies up to date
3. Follow secure coding practices
4. Never commit secrets or credentials to the repository
5. Use environment variables for sensitive configuration
6. Enable HTTPS/TLS for all production deployments
7. Implement proper authentication and authorization
8. Regularly review and audit security configurations

When we receive a security bug report, we will:

1. Confirm the problem and determine affected versions
2. Audit code to find any similar problems
3. Prepare fixes for all supported versions
4. Release new versions as soon as possible

Thank you for improving the security of this project!