Security Policy
Supported Versions
We currently support the following versions of the project with security updates:
| Version | Supported |
|---|---|
| v1.0.x | ✅ |
| < v1.0 | ❌ |
Reporting a Vulnerability
We take the security of this project very seriously. If you discover a security vulnerability within this project, please report it to us by following these steps:
- Do not open a public issue. This gives attackers an opportunity to exploit the vulnerability before we can release a fix.
- Create an advisory via the GitHub Security Advisory form to privately report the issue to the maintainers.
- Provide a detailed description of the vulnerability, including:
- The steps to reproduce the issue.
- The potential impact of the vulnerability.
- Any proof-of-concept code or screenshots.
We will acknowledge your report within 48 hours and provide an estimated timeline for a fix. We will keep you updated on our progress and notify you once the fix is released.
Security Best Practices
- We enforce HTTPS everywhere.
- Dependencies are automatically updated using Dependabot.
- Secrets are never committed to the repository and are managed via environment variables.
- We run regular security audits and dependency scanning using GitHub Actions.