Use this section to tell users about which versions of your software are currently being supported with security updates. We have provided an example table below, but you should modify it according to your actual supported versions.
Version | Supported |
---|---|
1.0.x | ✅ |
< 1.0 | ❌ |
The security of our software is a top priority. If you believe you have found a security vulnerability in our software, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the issue.
Please report any security vulnerabilities by sending an email to security@fedstack.org.
When reporting a vulnerability, please include the following information:
- A clear and concise description of the potential vulnerability.
- Steps to reproduce or proof of concept, if possible. This information will help us to reproduce the vulnerability and, if confirmed, to fix it as quickly as possible.
- Any possible impacts of the vulnerability, if known.
Please do not disclose the vulnerability publicly until we have had a chance to investigate and address it. We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.
After you submit your report, we will respond as quickly as we can to acknowledge receipt of your report. We'll then communicate with you to follow up on your report, usually within a few days. We may request additional information if needed to investigate the issue.
We will notify you when the vulnerability has been fixed, and we may ask you to confirm that the solution works for you. We appreciate your assistance in the responsible disclosure of security vulnerabilities.