Do not open a public GitHub issue for security vulnerabilities.
To report a security issue, please use one of the following:
- GitHub Security Advisories
- Contact the maintainer via GitHub
Please include:
- A description of the vulnerability
- Steps to reproduce or a proof-of-concept
- The affected version(s)
- Any potential impact
- Acknowledgment: within 48 hours of report
- Status update: within 7 days
- Fix: within 30 days for confirmed vulnerabilities
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
We follow coordinated vulnerability disclosure:
- Report the vulnerability privately (see above)
- We will acknowledge your report and begin investigation
- We will develop and test a fix
- We will coordinate a release date with you
- We will publish a security advisory on GitHub along with the fix
- You will receive credit in the advisory (unless you prefer to remain anonymous)
We ask that you:
- Give us a reasonable amount of time to fix the issue before any public disclosure
- Do not exploit the vulnerability beyond what is necessary to demonstrate it
- Do not access or modify other users' data
We appreciate responsible disclosure and will acknowledge contributors who help keep GlowSchedule secure.