
Security: Laximas/vue3-steppy

SECURITY.md

Security Policy for vue3-steppy

Commitment

The vue3-steppy project is committed to ensuring the security of everyone using it. The security of the project is very important, and any contributions that improve the security of the application are welcome.

Reporting a Vulnerability

If you believe you have found a security vulnerability in vue3-steppy, you are encouraged to create a report as soon as possible. All legitimate reports will be investigated to provide a quick fix. Please follow these guidelines when reporting a vulnerability:

How to Report a Security Vulnerability?

  • Email: Please send an email to the owner.
  • GitHub Issue: It's recommended not to report security vulnerabilities through GitHub issues as they are public. Please use the email address provided.

What to Include in Your Report?

Please provide as much information as possible about the vulnerability, including:

  • A clear description of the issue.
  • Steps to reproduce the vulnerability (POC scripts, screenshots, and compressed screen captures are all helpful).
  • Any potential impacts of the vulnerability.
  • Any suggestions for fixing the vulnerability.

What to Expect After You Report?

  • An acknowledgment of receipt of your report within 24 hours.
  • An initial assessment of the report within 3 business days.
  • Possible contact for further information if necessary.
  • Once the vulnerability is confirmed, a fix and release will be scheduled as quickly as feasible.
  • You will be informed about the progress.

Policy Updates

This security policy may be updated from time to time. The most current version will always be posted on the GitHub repository.

Out-of-Scope Vulnerabilities

Please note that the following issues are considered out of scope for security vulnerability reporting:

  • Descriptive error messages (e.g., Stack Traces, application or server errors).
  • HTTP 404 codes/pages or other HTTP non-200 codes/pages.
  • Fingerprinting/banner disclosure on common/public services.
  • Disclosure of known public files or directories (e.g., robots.txt).

Your efforts to responsibly disclose your findings are appreciated, and every effort will be made to acknowledge your contributions.

There aren’t any published security advisories