We take security seriously and appreciate your efforts to responsibly disclose vulnerabilities.
We release updates to the latest major version and may backport critical security patches to prior versions.
| Version | Supported |
|---|---|
| x.x.x | ✅ |
| <x.x.x | ❌ |
If you discover a security vulnerability, please report it privately by emailing us at [email protected]. Please do not open an issue publicly on the repository as this might compromise the security.
We will respond as soon as possible and work with you to resolve the issue.
When security vulnerabilities are patched, we will:
- Announce the fix in the repository’s release notes.
- Increment the version number and tag the release.
- Notify the community via [communication channels, e.g., email, social media].
We encourage all users to update to the latest version whenever a security patch is released.
We are committed to addressing vulnerabilities in:
- The core codebase of the project.
- Dependencies and third-party libraries used within the project.
However, vulnerabilities that arise from misconfiguration or improper usage outside of our control (e.g., deploying the application with insecure settings) are not covered under this policy.
If you have any security-related questions or need further clarification, please contact us at [email protected].
Thanks for helping keep the project secure!