Security: go-surreal/som

SECURITY.md

Security Policy

Supported Versions

We are committed to maintaining the security of this repository and its associated software. As part of this commitment, we provide security updates for the most recent release. Currently, this library is in an experimental state and does not have a major release yet. This may not change in the near future, as there is still a lot of work to be done. Until then, the versioning will stay at 0.x.x. The first major release will be 1.0.0. As long as there is no major release, we will only provide support for the most recent (minor) version.

Our library is built using Golang, specifically version 1.21.4, and we aim to stay as close to the current version of Go as possible to ensure security and compatibility.

As of now, this library only supports Go 1.21.x. This will most likely be the case until version 1.22.0 is released. In the future we will try to follow the official compatibility policy of Go, which means that we will provide support for the two most recent releases. These versions will be 1.22.x and 1.21.x.

Older versions will not receive security updates or fixes.

Reporting a Vulnerability

If you discover a security vulnerability within this repository, please reach out to us immediately. We take all legitimate security concerns seriously and will do our best to address the issue as quickly as possible.

To report a security vulnerability, please follow these steps:

  1. Do not create a public GitHub issue for the vulnerability.
  2. Contact the code owner of this repository via the official SurrealDB Discord server with a detailed description of the vulnerability.
  3. Include steps to reproduce the vulnerability and any relevant information that could help us understand and address the issue.
  4. We will acknowledge your report within a reasonable time and provide an expected timeline for addressing the vulnerability.
  5. Once we have addressed the vulnerability, we will release a new version as soon as possible and update the affected versions accordingly.

Please note that as we prioritize security, we kindly request that you refrain from publicly disclosing the vulnerability until we have had a chance to address it. We will make every effort to keep you informed about our progress and the resolution of the issue.

Updates and Notifications

For updates on security-related issues, fixes, and new releases, you can watch this repository on GitHub. Additionally, you can subscribe to release notifications to stay informed about new versions and security updates.

Thank you for your cooperation and assistance in making our software secure.

There aren’t any published security advisories