We take security seriously and provide security updates for the following versions:

| Version | Supported |
|---|---|
| Latest | ✅ |
| < Latest | ❌ |

We appreciate your efforts to responsibly disclose security vulnerabilities. If you discover a security vulnerability in this project, please follow these steps:
- DO NOT create a public GitHub issue for security vulnerabilities
- Send an email to: [email protected]
- Include the following information in your report:
  - Description of the vulnerability
  - Steps to reproduce the issue
  - Potential impact of the vulnerability
  - Any suggested fixes or mitigations
  - Your contact information (optional, but helpful for follow-up)
- Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours
- Initial Assessment: We will provide an initial assessment within 5 business days
- Regular Updates: We will keep you informed of our progress at least every 7 days
- Resolution Timeline: We aim to resolve critical vulnerabilities within 30 days
- Disclosure: We will coordinate with you on the timing of public disclosure
- Triage: We evaluate the severity and impact of the reported vulnerability
- Investigation: Our team investigates and confirms the vulnerability
- Fix Development: We develop and test a fix for the vulnerability
- Release: We release a security update
- Disclosure: We coordinate responsible disclosure with the reporter
When using this project, we recommend:
- Keep dependencies up to date
- Use the latest stable version
- Follow secure coding practices
- Regularly review security advisories
- Implement proper authentication and authorization
- Use HTTPS in production environments
- Regularly back up your data
This security policy applies to:
- The main codebase in this repository
- Dependencies we directly maintain
- Documentation and configuration examples
This policy does not cover:
- Third-party dependencies (please report to their respective maintainers)
- Issues in forked repositories
- Social engineering attacks
We believe in recognizing security researchers who help us maintain the security of our project. With your permission, we will:
- Credit you in our security advisory
- Add you to our security acknowledgments
- Mention you in release notes (if desired)
For security-related questions or concerns, please contact:
- Security Contact: [email protected]
- Response Time: Within 48 hours
Thank you for helping keep our project and community safe!