We actively support and accept vulnerability reports for the following versions:
| Version | Supported |
|---|---|
| 1.x | ✅ |
| < 1.x | ❌ (unsupported) |
If you discover a security vulnerability in this project, please follow these steps:
- Do not open a public issue:
  Security vulnerabilities must be reported privately to protect users while a fix is being prepared.
- Report via Email:
  Send an email to [email protected] with the subject line: [Security Report]
  Include the following details:
  - A description of the vulnerability.
  - Steps to reproduce the issue (if applicable).
  - Any potential impact.
  - Suggested mitigations (optional).
- Acknowledgment:
  You will receive a response within 48 hours acknowledging the report.
  If we need further clarification, we’ll reach out during this time.
- Timeline for Fixes:
  We aim to address all valid security reports within 7 days and will coordinate with you to disclose the vulnerability responsibly.
- Authentication and authorization flaws.
- Code injection (e.g., SQL, command, or script injection).
- Data leakage or sensitive information exposure.
- Cross-Site Scripting (XSS), CSRF, and related vulnerabilities.
- General bugs unrelated to security.
- Vulnerabilities in third-party dependencies (report these to the respective maintainers).
Your contributions to the security of this repository are highly appreciated.
Thank you for helping us maintain a secure project for everyone!