We release patches for security vulnerabilities. The following table describes the versions that are currently supported with security updates:
| Version | Supported |
|---|---|
| 1.1.0 | ✅ |
| 1.0.x | ❌ |
If you discover a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner. Please follow the steps below to report a vulnerability:
- Do not open an issue on GitHub. This will make the vulnerability public and could put users at risk.
- Send an email to maintainers of this repo with the subject line "Security Vulnerability Report".
- In your email, please include:
- A description of the vulnerability.
- Steps to reproduce the issue.
- Any relevant information such as affected versions, potential impact, etc.
- Acknowledgment: You will receive an acknowledgment of your report within 3 business days.
- Initial Assessment: We will conduct an initial assessment of the vulnerability within 5 business days of acknowledgment.
- Status Updates: You will receive regular updates on the status of the vulnerability, including our assessment and any plans for addressing it.
- Resolution: Once the vulnerability is confirmed, we will work on a fix and release a patch as soon as possible. You will be notified when the patch is released.
- Credit: We will acknowledge your contribution in the release notes, unless you prefer to remain anonymous.
We are committed to addressing security issues in a timely manner and keeping our users informed. Thank you for helping us maintain the security and integrity of our project.
We recommend that all users keep their installations up to date with the latest security patches. Information about our releases and updates can be found on the Releases page.
For any other security-related inquiries, please contact us on Linkedin.
Thank you for helping to keep our project secure!