| Version | Supported |
|---|---|
| 0.1.x | Yes |
| Earlier | No |
Only the current 0.1.x release line receives security fixes. Older versions are unsupported.
Please do not open a public GitHub issue for security vulnerabilities.
Use GitHub's private vulnerability reporting instead:
- Go to https://github.com/TAJD/cofferdam/security/advisories/new
- Click "Report a vulnerability" and fill in the form.
- Your report will be visible only to the maintainer until a fix is published.
If you are unable to use the GitHub Security Advisory flow, you may contact the maintainer directly by email at tajdickson@protonmail.com. Please include "cofferdam security" in the subject line so the message is not missed.
| Milestone | Target |
|---|---|
| Acknowledgment of report | Within 7 days |
| Fix or status update | Within 30 days |
| Coordinated public disclosure | After a fix is published |
The maintainer will work with you to agree on a disclosure date once a fix is ready. If a fix requires more than 30 days, an interim status update will be sent within that window.