We currently provide security updates for the following versions:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

We take security vulnerabilities seriously. If you discover a security issue, please follow these guidelines:
Please DO NOT report security vulnerabilities through public GitHub issues.
Instead, please report them to:
- Email: [email protected]
- GitHub Security Advisory: Create a private security advisory
When reporting a vulnerability, please include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact and attack scenarios
- Suggested fix (if you have one)
- Your contact information for follow-up
Our response timeline:
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Fix Timeline: Depends on severity and complexity

What to expect after you report:
- Acknowledgment: We'll confirm receipt of your report
- Investigation: We'll investigate and validate the issue
- Fix Development: We'll develop and test a fix
- Coordinated Disclosure: We'll coordinate the release and disclosure
- Credit: We'll acknowledge your contribution (if desired)
This security policy applies to:
- The utopia_hotreload package
- Related infrastructure and documentation
- Security issues that affect user applications
The following are generally not considered security vulnerabilities:
- Issues in third-party dependencies (please report to the respective maintainers)
- Denial of service attacks requiring local system access
- Issues requiring physical access to the system
Thank you for helping keep Utopia Hot Reload and our users safe!