Patches for security vulnerabilities are released in the following versions:
Version | Supported |
---|---|
latest | ✅ |
If you discover a security vulnerability, please report it through the GitHub Security Advisory.
Alternatively, you can report it via email to hello ricardovitorino com. Please include the following details with your report:
- A description of the vulnerability and its potential impact.
- Steps to reproduce the issue.
- Any potential mitigations you have identified.
- Your contact information if you require further assistance.
I will try to respond to security reports within 48 hours and make every effort to quickly address the issue.
To ensure the security of our repository and its users, the following best practices are followed:
- Dependency Management: Dependencies are regularly updated and tools like Dependabot are used to identify and address potential vulnerabilities in third-party packages.
- Code Reviews: All code changes are subject to peer review to identify potential security issues.
- Continuous Integration: GitHub Actions are used for continuous integration to run automated tests and checks on all pull requests.
- Least Privilege Principle: Access to sensitive parts of the repository is limited to only those who need it.
- Static Code Analysis: Tools like Ruff are used for linting and code analysis to enforce secure coding practices.
- Documentation: Documentation is maintained up-to-date on secure coding practices and how to contribute securely.
I believe in responsible disclosure and request that all security vulnerabilities be reported to us privately, allowing the opportunity to address them before they are disclosed publicly. I will keep you informed of the progress towards a fix and may ask for additional information or assistance as needed.
Updates are regularly released to address security vulnerabilities. Users are encouraged to keep their installations up-to-date to benefit from these fixes. Announcements regarding security updates will be made on the repository's GitHub Releases page.
I am committed to fostering a respectful and inclusive community. All members are expected to adhere to our Code of Conduct and to report any breaches that could impact the security or integrity of the project.
If you have any questions or concerns about our security policy, please contact me at hello ricardovitorino com.
Thank you for helping to keep GistMaster safe and secure!