We actively maintain and provide security updates for the following versions of the Verilog Library:
| Version | Supported |
|---|---|
| main | ✅ (actively maintained) |
| stable | ✅ (bug + security fixes) |
| legacy | ❌ (no longer supported) |
Note: Older releases are not patched. Please upgrade to the latest supported version.
If you discover a security issue in this project, please help us keep the community safe by reporting it responsibly.
-
Where to report:
Open a confidential security advisory via GitHub → Security → Report a vulnerability. -
What to include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
-
Response timeline:
- We will acknowledge receipt within 48 hours.
- You can expect a status update within 7 days.
- Accepted vulnerabilities will be patched promptly, and you’ll be credited in the changelog.
- Please do not disclose vulnerabilities publicly until they are fixed.
- We encourage responsible disclosure and will work with you to resolve issues quickly.
- Declined reports will include an explanation.
This policy is adapted from GitHub’s recommended SECURITY.md practices and the Contributor Covenant guidelines.