SECURITY.md

Security Policy

Version	Support status
1.x	✅
< 1.0	❌

Legend:

• ✅ Currently supported, receives security updates
• ❌ Unsupported

Reporting a Vulnerability

If you discover a security vulnerability in JuspayKit, please report it by one of the following methods:

1. Fill out a vulnerability report on GitHub¹.
2. Email the details to vamsi@dewonderstruck.com.

⚠️ Please do not file a public issue for security vulnerabilities. ⚠️

What to Include in Your Report

• A description of the vulnerability
• Steps to reproduce the issue
• Potential impact of the vulnerability
• Any possible mitigations you've identified

What to Expect

As JuspayKit is currently maintained by a single developer, the response time and process may vary. However, here's a general outline of what you can expect:

1. Acknowledgment: You should receive an initial response within 1-3 days, confirming receipt of your report.

2. Assessment: The vulnerability will be investigated as soon as possible. This may take a few days to a week, depending on the complexity of the issue.

3. Resolution: If the vulnerability is confirmed, work on a fix will begin. The timeline for this can vary based on the severity and complexity of the issue.

4. Disclosure: Once a fix is ready, you will be notified. We will coordinate with you on an appropriate disclosure date.

5. Release: The fix will be released, and a security advisory will be published on GitHub.

Thank you for helping to keep JuspayKit!

Footnotes

1. For more information on private vulnerability reporting, see GitHub's documentation. ↩