We are committed to maintaining the security of our repository and keeping it up-to-date with the latest security patches. We support the latest major release of our repository with security updates, as well as the previous major release for a limited time.

| Version | Supported |
| ------- | --------- |
| 2.x.x   | ✅        |
| 1.x.x   | ✅        |
| < 1.x   | ❌        |

If you discover a security vulnerability in our repository, please report it to us by emailing us at security@example.com. We take all security issues seriously and will respond to your report as quickly as possible.
When reporting a vulnerability, please include the following information in your report:
- Description of the vulnerability and the potential impact
- Steps to reproduce the vulnerability
- Any proof-of-concept code or scripts that can demonstrate the vulnerability
- Your contact information so we can follow up with you
We will acknowledge your report within 24 hours and will work with you to validate the vulnerability and develop a fix. We will keep you informed of our progress and coordinate the release of the fix with you. Once the fix is released, we will also create a security advisory to notify our users of the vulnerability and provide instructions on how to update their installations.
We follow a process for managing security vulnerabilities in our repository. This includes:
- Validating and triaging reported vulnerabilities
- Developing and testing patches for vulnerabilities
- Coordinating the release of patches with users and third-party integrators
- Creating a security advisory to notify users of the vulnerability and provide instructions for updating their installations
We aim to release security patches within 30 days of a vulnerability report. However, some vulnerabilities may take longer to fix, especially if they require significant changes to the codebase. In such cases, we will keep you informed of our progress and provide updates on our estimated timeline.
Our repository may include third-party libraries or dependencies that are subject to their own security vulnerabilities. We monitor these dependencies and update them as needed to ensure the security of our repository. However, we encourage users to review the security of these dependencies and report any vulnerabilities they discover.
We expect all users to follow our code of conduct when reporting security vulnerabilities or interacting with our security team. We will not tolerate harassment or abuse of our security team or other users. If you violate our code of conduct, we may take action, including, but not limited to, reporting the violation to law enforcement.