If you discover a security vulnerability in the PACT specification or reference implementation, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, please email security@tailor.au with:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested fix (if any)

Response timeline:
- Acknowledgment: Within 48 hours
- Assessment: Within 1 week
- Fix/Disclosure: Coordinated with reporter

This policy covers:
- The PACT specification (this repository)
- The reference implementation (Tailor)
- JSON Schema definitions
- Example code in this repository

| Version | Supported |
|---|---|
| v0.4 (draft) | Yes |
| v0.3 (stable) | Yes |
| < v0.3 | No |