The following table shows which versions of this project are currently supported with security updates.

Versions below 0.0.7 are considered end-of-life and will not receive security fixes or updates.

If you discover a security vulnerability, please report it responsibly.

Preferred reporting method:

• Open an issue on the repository (preferred) https://github.com/muhammad-fiaz/httpx.zig/issues

Other supported options:

• Create a Pull Request if you have already resolved the issue (avoid including sensitive exploit details)
• Create a GitHub Security Advisory for private disclosure

If the vulnerability is critical or sensitive, please start with a GitHub Security Advisory instead of a public issue.

When reporting a vulnerability, please include:

• Affected version(s)
• Clear description of the issue
• Steps to reproduce (if applicable)
• Potential impact or severity
• Suggested fix or mitigation (optional)

• Acknowledgement: within 48 hours
• Initial review: within 5-7 days
• Resolution: depending on severity and complexity

• Accepted:

  • A fix will be released for supported versions
  • A security advisory may be published
  • Credit will be given upon request

• Declined:

  • Issues affecting unsupported versions (< 0.0.7)
  • Expected or documented behavior
  • Issues already fixed in a newer release

Thank you for helping keep this project secure.