This document outlines security procedures and policies for maintaining the security of this project.
The security of our project is of paramount importance. If you discover a security vulnerability, we appreciate your responsible disclosure. Here's how to proceed:
- Create an Issue: Use the GitHub Issue system to report the security vulnerability. Public disclosure helps ensure transparency and allows more eyes on the code.
- Merge Request (Optional): If you're able and willing, you can submit a merge request with a proposed fix for the vulnerability. Your contribution will be valued and acknowledged.
We aim to acknowledge your report within 7 days. You can expect a more detailed response during this time, outlining the next steps for handling the report.
For vulnerabilities in third-party modules, please report them to the maintainers of the respective modules.
We follow a systematic approach to address security vulnerabilities:
- Confirmation and Assessment: We validate and determine the affected versions and components.
- Code Audit: We perform a thorough code audit to identify any similar vulnerabilities.
- Fix Preparation: We prepare fixes for all active and maintained releases as swiftly as possible.
We value your input in making our security procedures even better. If you have suggestions for improving this process, please feel free to submit a pull request with your proposed changes.
Thank you for your dedication to the security of our project.
Note: The details of this policy may change over time, but the commitment to security will remain consistent.