• Supported Versions
• Reporting a Vulnerability
• Disclosure Policy
• Process
• Preferences for Responsible Disclosure
• License

The only versions of our project currently being supported with security updates are:

1.0.0

We value the work of security researchers and believe that responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our users.

We encourage you to notify us if've found a security vulnerability in our product you believe you. We welcome working with you to resolve the issue promptly.

• Please let us know as soon as possible when you find a potential security issue, and we'll make every effort to quickly resolve the issue.
• Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
• Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research.

• Open a new issue in our GitHub repository with the details of the potential vulnerability. Please use as much detail as possible.
• We will respond acknowledging receipt of your vulnerability report.
• Our team will investigate the issue and develop an update or patch.
• Once we have resolved the issue, we may provide acknowledgement in the commit message and in our public-facing documentation, if you grant us permission to do so.

Please note, the issues tracker is only for reporting vulnerabilities. For regular bugs and issues, please use the standard issue tracker.

We will not take legal action against you or administrative action against your account if you act according to this policy and provide us with information about vulnerabilities in our software.

This Security Policy is licensed under the Eclipse Public License 2.0 (EPL-2.0).