Part of the SuiteTools governance set. See /docs/governance for related policies and resources.
Last updated September 22, 2025
SuiteTools takes security seriously. This policy defines how SuiteTools handles security vulnerabilities and how contributors and external parties should report them.
Scope: Applies to the main branch and latest release. Forks, custom modifications, and unsupported versions are out of scope.
If you discover a vulnerability, please help us protect the community by reporting it responsibly.
- Reports can be sent to security@[pending-domain] (This address will be updated once the SuiteTools domain is active. Until then, please use GitHub private advisories as the primary reporting channel.)
- Or open a private advisory via GitHub Security.
- Do not open a public issue for security reports.
- Include:
  - Steps to reproduce
  - Potential impact
  - Any suggested fixes or mitigations
We actively maintain:
- The main branch
- The latest published release
These versions will receive security updates and coordinated fixes.
The following are not covered by this security policy:
- Older releases (beyond the latest published release)
- Forks or derivative projects not maintained by the SuiteTools steward
- Custom modifications made outside the official repository
- Archived or deprecated branches
- Acknowledge your report within a reasonable timeframe.
- Investigate the issue and, if confirmed, prepare a fix.
- Coordinate a release and credit you (if desired) in the changelog.
Please allow maintainers a reasonable window to investigate, prepare a fix, and publish a release before public disclosure. This ensures the community remains protected while the issue is being resolved.
- Changes to this file must be reflected in the changelog.
- Keep cross‑links between standards up to date to avoid drift.