We take the security of the maskify project seriously. If you discover a security vulnerability, please do not open a public issue. Instead, please report it responsibly by emailing security details to the project maintainers.

1. Do not disclose the vulnerability publicly until we have had a reasonable opportunity to address it

2. Do provide detailed information about the vulnerability, including:

   • Description of the vulnerability
   • Steps to reproduce (if applicable)
   • Potential impact
   • Suggested fix (if you have one)

3. We will acknowledge receipt of your report within 48 hours

4. We will work with you to understand and validate the vulnerability

5. We will release a fix as soon as possible and credit you in the release notes (if desired)

When using maskify, please follow these best practices:

• Keep dependencies updated: Regularly update maskify and its dependencies to the latest versions
• Use in secure environments: Ensure that sensitive data being masked is handled in secure environments
• Validate input: Always validate and sanitize input data before processing
• Protect masked data: Even though data is masked, treat masked output with appropriate security measures
• Review code: For critical applications, review the maskify code to understand how it handles your data

Security updates are provided for:

• The latest major version
• The previous major version (for critical security issues)

Please upgrade to the latest version to ensure you have all security patches.

Any security advisories will be published in the project's GitHub Security tab and documented here.

We regularly audit our dependencies for security vulnerabilities. If you discover a vulnerability in a dependency, please report it to the appropriate maintainers and notify us so we can take action.

If you have any security-related questions or concerns about maskify, please contact the project maintainers through appropriate channels.

Last updated: 2025-12-06