At YiraBot, we take the security of our software and the trust of our users seriously. The purpose of this policy is to provide guidelines on reporting security vulnerabilities and to describe how we address these concerns.
Security updates and patches will be applied only to the most recent version of YiraBot. The following table outlines which versions are currently receiving security updates:
| Version | Supported |
|---|---|
| > 1.0.7 | ✅ |
| < 1.0.7 | ❌ |
If you believe you have found a security vulnerability in YiraBot, please follow these steps:
-
Do Not Publish the Vulnerability Publicly:
- Please do not report security vulnerabilities through public GitHub issues, forums, or other public channels.
-
Send a Detailed Report:
- Email your security findings to Owen Orcan
- Include detailed information about the issue, steps to reproduce, and any other information that might be helpful for understanding and resolving the vulnerability.
-
Wait for Response:
- After submitting your report, please give us a reasonable amount of time to respond and address the issue before disclosing it to others.
-
Disclosure Handling:
- Once the vulnerability has been evaluated and addressed, we may discuss it publicly to inform our user base. We will coordinate any public announcement with you to ensure that accurate information is released.
Upon receiving a report of a security vulnerability, our team will follow this process:
-
Confirmation and Evaluation:
- Confirm the issue and assess its impact and severity.
-
Fixing the Issue:
- Develop a security patch or workaround to address the vulnerability.
-
Releasing an Update:
- Release an updated version of YiraBot that resolves the issue.
-
Notifying Users:
- Inform users about the vulnerability and encourage them to update to the latest version.
-
Post-release Analysis:
- Conduct a post-incident review to learn from the vulnerability and improve future security practices.
We are committed to ensuring the security and privacy of our users. We appreciate your help in keeping YiraBot safe and secure.
Thank you for supporting YiraBot and its security.