| Version | Supported |
|---|---|
| 5.1.x | ✅ |
| 5.0.x | ❌ |
| 4.0.x | ✅ |
| < 4.0 | ❌ |

Please note that we only fix security vulnerabilities in supported versions.
In the event that you discover a vulnerability, we kindly request that you follow responsible disclosure principles:
- Do not share the vulnerability in public, including the issue tracker.
- Email our security team at Email. Please provide as many details as possible about the vulnerability. This could include:
  - Steps to reproduce the issue, or
  - A proof-of-concept, or
  - A patch that fixes the issue.
- Wait for us to respond. We strive to respond to security reports within 48 hours. We kindly ask you to respect the time and effort it takes to investigate and patch vulnerabilities. With your cooperation, we can address security issues effectively and maintain the safety of our users.
Our team regularly checks for security vulnerabilities in our code and dependencies. When we discover a vulnerability, we will:
- Assess the vulnerability's impact.
- Develop a fix or find a workaround.
- Release a new, secure version or communicate the workaround to affected users.
- Document the vulnerability and the steps we took to address it in a security advisory.
Users are strongly encouraged to update their copies of our software whenever we release new versions. We also recommend that users watch our repository for new advisories.
To ensure the security of our project, we adhere to the following principles:
- Code Review: All changes must be reviewed by at least two core contributors before they can be merged into the main code base.
- Dependency Management: We keep our project's dependencies up to date and review them for security vulnerabilities.
- Security Training: Our team members receive regular training to stay current on best security practices and potential threats.
By adhering to these practices, we aim to provide a secure environment for all of our users.
If you have any non-vulnerability-related security questions or concerns, please feel free to open a discussion in our repository or reach out to us at Email.