WaterApps repositories are generally maintained on a rolling basis.
We actively provide security fixes for:
| Version / Branch | Supported |
|---|---|
main |
Yes |
| Latest tagged release (if any) | Best effort |
| Older releases / unmaintained branches | No |
Notes:
- Some repos are internal tooling or infrastructure reference repos and may not publish formal version tags.
- If a repository has its own
SECURITY.md, that repo-specific policy takes precedence.
If you believe you have found a security vulnerability, please do not report it in a public GitHub issue.
Report it privately using one of the following methods:
- Email:
varun@waterapps.com.au - GitHub private vulnerability reporting: Use the repository's Report a vulnerability feature (if enabled)
- A clear description of the issue
- Steps to reproduce (PoC), if available
- Affected repository and file/path
- Potential impact
- Any suggested remediation (optional)
- Secrets, tokens, credentials, or private keys
- Sensitive customer/client data
- Internal account identifiers, environment details, or access URLs
We will make a best effort to:
- Acknowledge receipt within 2 business days
- Triage and assess impact promptly
- Share a remediation timeline when the issue is confirmed
- Coordinate disclosure once a fix is available
Please allow reasonable time for investigation and remediation before public disclosure.
We appreciate responsible reporting and will provide credit (if desired) when appropriate.