We release patches for security vulnerabilities in the following versions:
| Version | Supported |
|---|---|
| 0.1.x | β |
| < 0.1 | β |

If you discover a security vulnerability in Refactron, please follow these steps:
- Security vulnerabilities should be reported privately
- Public disclosure can put users at risk
- Email: [Your security email]
- GitHub Security Advisory: Use the "Report a vulnerability" button on the repository
- Discord/Slack: [Your community channels]
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Your contact information
- We will acknowledge receipt of your report
- We will provide a timeline for response
- We will investigate the reported vulnerability
- We will determine the severity and impact
- We will develop a fix if needed
- We will release a security patch
- We will notify users of the vulnerability
- We will credit you as the reporter (if desired)
We maintain a security hall of fame to recognize security researchers who help keep Refactron secure:
- [Your name] - [Vulnerability description]
- [Researcher name] - [Vulnerability description]
- Keep Refactron updated to the latest version
- Review code before running refactoring suggestions
- Use preview mode (`--preview`) before applying changes
- Report suspicious behavior immediately
- Follow secure coding practices
- Review security implications of changes
- Test security-related features thoroughly
- Keep dependencies updated
We publish security advisories for:
- Critical vulnerabilities
- High-severity issues
- Breaking security changes
For security-related questions or concerns:
- Email: [Your security email]
- GitHub: Create a private issue
- Community: [Your community channels]
We thank the security community for helping keep Refactron secure. Your contributions are invaluable to the project's success.
Last updated: [Current date]
Version: 1.0