The following versions of this project are currently supported with security updates.

| Version | Supported |
|---|---|
| Latest | ✅ |
| Older Versions | ❌ |

If you discover a security vulnerability, please report it responsibly and privately.
Please do not:
- Open a public GitHub issue for security vulnerabilities
- Publicly disclose the issue before it has been reviewed and fixed
Please report vulnerabilities using one of the following methods:
- GitHub Security Advisories (preferred)
- Direct contact with the project maintainers
When reporting a vulnerability, please include:
- A clear description of the issue
- Steps to reproduce the vulnerability
- Potential impact
- Suggested fixes (if available)
- Relevant screenshots, logs, or proof-of-concept code
After a vulnerability report is submitted:
- The maintainers will acknowledge the report within 3–7 business days
- The issue will be investigated and validated
- A fix will be developed and tested
- A patch or security update will be released if necessary
- The reporter may be credited unless anonymity is requested
We kindly ask researchers and contributors to:
- Avoid exploiting vulnerabilities beyond what is necessary for verification
- Avoid accessing, modifying, or deleting user data
- Give maintainers reasonable time to resolve the issue before public disclosure
- Act in good faith to help improve the project's security
Contributors are encouraged to:
- Keep dependencies updated
- Avoid committing secrets or API keys
- Validate and sanitize user inputs
- Follow secure coding standards
- Report suspicious behavior immediately
This policy applies to:
- Source code
- Documentation
- CI/CD workflows
- Configuration files
- Repository-managed dependencies
Third-party services and dependencies follow their own security policies.
We appreciate the efforts of security researchers and contributors who help keep this project secure through responsible disclosure.