We actively support the following versions with security updates:
| Version | Supported |
|---|---|
| 2.0.x | ✅ |
| < 2.0 | ❌ |
If you discover a security vulnerability in Pragmatic UX Design, please help us by reporting it responsibly.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities by emailing: patrick.federi@ergon.ch
Please include the following information in your report:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact and severity
- Any suggested fixes or mitigations
- Your contact information for follow-up
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Investigation: We will investigate the issue and determine its validity
- Updates: We will keep you informed of our progress
- Resolution: We will work to resolve valid security issues
- Disclosure: We will coordinate disclosure timing with you
- Keep your dependencies updated
- Use HTTPS for all communications
- Validate and sanitize user inputs
- Implement proper authentication and authorization
- Regularly audit your code and infrastructure
We kindly ask that you:
- Give us reasonable time to fix the issue before public disclosure
- Avoid accessing or modifying user data
- Don't perform DoS attacks or degrade service performance
- Don't spam our systems with automated vulnerability scanners
We appreciate security researchers who help keep our users safe. With your permission, we may publicly acknowledge your contribution to our security.
For security-related questions or concerns:
- Email: patrick.federi@ergon.ch
- Security.txt: https://pragmaticuxdesign.com/.well-known/security.txt