Skip to content

Latest commit

 

History

History
51 lines (27 loc) · 2.84 KB

SECURITY.md

File metadata and controls

51 lines (27 loc) · 2.84 KB

Security Policy

Reporting Security Issues

DO NOT file a public issue to report a security vulnerability, as it could put the security of the project and its users at risk. Instead, please follow the instructions below.

To report a security issue, please send an email to mail with the following details:

  • Your name and affiliation (if applicable).
  • A detailed description of the vulnerability, including steps to reproduce (if possible).
  • Any relevant logs, error messages, or screenshots that can help understand and assess the issue.
  • Any other relevant information that might help us understand and address the vulnerability.

We will acknowledge your email within 48 hours and strive to provide a timeline for a resolution or further steps within 72 hours of acknowledgment.

Please note that this email is for reporting security vulnerabilities only. For general inquiries or support requests, please contact us through the appropriate channels mentioned in the project's documentation.

Security Updates

We are committed to addressing security vulnerabilities and will provide security updates for supported versions. Please make sure to always use a supported version of the project to receive these updates.

Vulnerability Disclosure Process

  1. Report: Send an email to the official mail. to report the vulnerability. Include all necessary information for us to understand and reproduce the issue.

  2. Assessment: We will triage and assess the reported vulnerability. We may request additional information or clarifications from you.

  3. Fix & Validation: If the vulnerability is confirmed, we will work on a fix. Once the fix is ready, we will validate it to ensure it effectively addresses the vulnerability without introducing new issues.

  4. Security Update: A security update will be released containing the fix. This update will be made available for all supported versions.

  5. Public Disclosure: We will wait for a reasonable period of time to allow users to update to the patched versions. After this period, we will publicly disclose the vulnerability, along with information about the fix.

Best Practices for Users

  • Keep your project dependencies updated to ensure you have the latest security patches.

  • Star the repository.

  • If you're using third-party packages, regularly check for their security advisories and updates.

Responsible Disclosure

We appreciate the security community's efforts in disclosing vulnerabilities responsibly and will acknowledge your contributions. We are committed to addressing security issues promptly and providing appropriate credit to reporters.

Thank you for your collaboration in making our project safe and secure.

Disclaimer

This document may be subject to changes and updates. It's your responsibility to stay informed about the latest version and content.