We release security updates for the following versions:
| Version | Supported |
|---|---|
| 0.3.x | ✅ |
| < 0.3 | ❌ |

Please do not report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities by email to:
You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
Please include the following information in your report:
- Type of vulnerability
- Full paths of source file(s) related to the manifestation of the vulnerability
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the vulnerability, including how an attacker might exploit it

This information will help us triage your report more quickly.

- Report received: Security team acknowledges receipt within 48 hours
- Validation: Team validates and assesses severity (typically within 7 days)
- Fix development: Security fix is developed in a private branch
- Coordinated disclosure: Fix is released, security advisory published
- Public disclosure: After fix is available, vulnerability details are disclosed

Security advisories will be published via:
- GitHub Security Advisories
- Release notes on GitHub
- Announcement in README.md

When using named-colour in your projects:
- Always use the latest version from crates.io
- Review the CHANGELOG.md for security-related updates
- Subscribe to GitHub notifications for security advisories
- Use `cargo audit` to check for known vulnerabilities in dependencies

This security policy applies to:
- The named-colour crate published on crates.io
- The source code in the jerus-org/named-colour GitHub repository

This security policy follows best practices from:
- OpenSSF Security Best Practices
- GitHub Security Lab recommendations