We take security seriously and value the efforts of the security community to responsibly disclose any vulnerabilities. If you discover a security issue in our project, we appreciate your help in disclosing it to us privately and allowing us the opportunity to address the concern.
To report a security issue, please follow these steps:
- Do not publicly disclose the issue until it has been addressed by our team.
- Send us an email at [email protected] to report the security concern.
- Provide a detailed description of the issue, including steps to reproduce it if applicable.
- If known, let us know the potential impact of the vulnerability.

We commit to responding promptly and keeping you informed about the progress in addressing the reported issue.
Our security policy covers the most recent stable release of the project and its immediate predecessor. If you are using an older version, we strongly encourage you to upgrade to the latest release to benefit from the latest security fixes and improvements.
| Version | Supported |
|---|---|
| 0.3.10 | ❌ |
| < 0.3 | ❌ |
Upon receiving a security report, we will:
- Acknowledge receipt of the report.
- Work diligently to verify and reproduce the reported issue.
- Collaborate with the reporter, if needed, to better understand the details of the vulnerability.
- Prioritize the issue and provide an estimated timeline for its resolution.
- Prepare and release a security patch or update as soon as it is ready.
- Mention the reporter in the release notes, if they wish to be acknowledged.
We aim to release security fixes as quickly as possible and inform our users about the vulnerability. However, to protect our users and give them adequate time to update their installations, we follow a responsible disclosure policy:
- We request that the reporter does not publicly disclose the vulnerability until we have released a fix.
- Once a security fix is available, we will coordinate the release with the reporter and set a mutually agreed-upon date for public disclosure.
- If the reporter agrees, we will mention them in the public disclosure for their contribution.
Our project may use third-party libraries or dependencies. While we strive to keep them up to date and secure, we may not always have control over their security updates. If you believe a security issue is related to a third-party library, please report it to the respective maintainers.
We encourage all our users and contributors to follow these security best practices:
- Regularly update the project to the latest stable version.
- Use strong and unique passwords for any accounts associated with the project.
- Enable two-factor authentication whenever possible.
- Do not share sensitive information or credentials publicly.
This security policy is subject to change as the project evolves and to address any new security challenges that may arise. Please check back regularly for updates.
By working together responsibly and collaboratively, we can ensure the security and stability of our project. Thank you for your support and cooperation.