The Qlty CLI follows semantic versioning and is currently pre-1.0.
Only the latest version of the CLI is supported. All security updates will be applied and released as a new pre-1.0 version.
To report a security vulnerability, please email us at [email protected]. Please do not use public forums like GitHub Issues and Discussions to discuss vulnerabilities or sensitive issues.
We’ll work with you to make sure we understand the issue and address it. Our security team will respond to your report within one day and provide regular updates throughout any remediaton process.
If your report is accepted as valid, we will provide an acknowledgement in this SECURITY.md file if you would like to be listed.
Note: We appreciate reports for any and all security issues, but we reserve listings for people who have disclosed unknown vulnerabilities of high or critical severity, or have helped us in an ongoing manner.