🔐 Security Policy

🧭 Supported Versions
The table below outlines which versions of our project currently receive security updates and patch support.
| Version | Supported |
| --- | --- |
| 5.1.x | ✅ Active Support |
| 5.0.x | ❌ Deprecated |
| 4.0.x | ✅ Active Support |
| < 4.0 | ❌ Unsupported |
We strongly encourage all users to upgrade to the latest supported version to benefit from ongoing security improvements and patches.
🛡️ Reporting a Vulnerability
If you discover a security issue or potential vulnerability, please help us keep our community safe by reporting it responsibly.
📬 How to Report
Send a detailed description of the vulnerability to: security@[yourdomain].com
Include:
=> Steps to reproduce the issue
=> Affected version(s)
=> Any possible impact you foresee
=> Your contact information (for follow-up)
⏳ Response Timeline
Once your report is received, our process is:
| Stage | Expected Response Time |
| --- | --- |
| Initial acknowledgment | within 48 hours |
| Triage & validation | within 5 business days |
| Patch or mitigation plan | within 10 business days (depending on severity) |
| Public disclosure (if applicable) | coordinated with the reporter after patch release |
We’ll keep you informed throughout the process and will credit you (if desired) once the issue is resolved.
🔒 Responsible Disclosure Policy
We kindly ask that you:
- Do not publicly disclose the vulnerability until we confirm and release a fix.
- Avoid exploiting the vulnerability or accessing unauthorized data.
- Allow us reasonable time to mitigate the issue.
We follow a coordinated disclosure approach, aligned with ISO/IEC 29147.
🧠 Security Philosophy
Security is a shared responsibility. Our commitment:
- Continuous code audits and dependency monitoring
- Secure CI/CD and infrastructure practices
- Rapid patch deployment upon verified reports
- Transparency with our user community
If you ever have concerns about your data or our system integrity, please reach out directly.