This policy outlines the process for reporting security vulnerabilities affecting our systems, products, or services. We appreciate your efforts in helping us maintain a secure environment and take all vulnerability reports seriously.
| Version | Supported |
|---|---|
| 3.12.x | ✅ |
| 3.11.x | ❌ |
| < 3.11 | ❌ |
To report a security vulnerability, please submit your findings through our reporting platform.
Please provide the following information in your report to help us understand and address the vulnerability effectively:
-
Detailed Description: Clearly describe the vulnerability, including its potential impact. Be as specific as possible, including affected systems, components, and URLs.
-
Steps to Reproduce: Provide a step-by-step guide on how to reproduce the vulnerability. This is crucial for our team to verify and address the issue quickly. Include screenshots or videos if helpful.
-
Affected Systems/Components: Specify the affected systems, software, or hardware. Include version numbers where applicable.
-
Your Contact Information: Provide your name and email address so we can contact you for further clarification or updates. We respect your privacy and will handle your information responsibly.
We will acknowledge receipt of your vulnerability report within three business days and provide updates on the progress of our investigation and remediation efforts.
If the vulnerability is accepted, we will prioritize its remediation based on its severity and potential impact. We will work to address the issue as quickly as possible and may request further information from you during the process.
By submitting a vulnerability report, you agree that you are not violating any applicable laws or regulations.
We appreciate your cooperation in helping us maintain a secure environment. If you have any questions about this policy, please contact us at reporting platform.