| Version | Supported |
|---|---|
| 1.x | ✅ |
| < 1.0 | ❌ |

We take security vulnerabilities seriously. If you discover a security vulnerability, please follow these steps:

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them privately by:
- Email: Send details to security@your-domain.com
- GitHub Security Advisories: Use the "Security" tab in this repository to report privately
When reporting a vulnerability, please include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any suggested fixes (if you have them)
- Your contact information
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Initial Assessment: We will provide an initial assessment within 5 business days
- Updates: We will keep you informed of our progress
- Resolution: We aim to resolve critical vulnerabilities within 30 days
- We will work with you to understand and resolve the issue
- We will not take legal action against researchers who:
  - Follow responsible disclosure practices
  - Do not access or modify data beyond what's necessary to demonstrate the vulnerability
  - Do not perform attacks that could harm our users or systems
- We will publicly acknowledge your responsible disclosure (unless you prefer to remain anonymous)
Security updates will be released as soon as possible and will be clearly marked in:
- Release notes
- CHANGELOG.md
- Security advisories
At this time, we do not offer a paid bug bounty program, but we deeply appreciate security researchers who help keep our project safe.
When using this library:
- Keep your dependencies up to date
- Follow secure coding practices
- Validate all inputs
- Use the latest supported version
- Monitor security advisories
For security-related questions or concerns, contact:
- Email: security@your-domain.com
- Maintainer: @zestic