We provide security updates and fixes actively for the latest major version of the project. Previous major versions are supported until 1 year after the release of the next major version.
| Version | Supported |
|---|---|
| 2.3.x | ✅ |
| 2.2.x | ✅ |
| 2.1.x | ❌ |
| < 2.0 | ❌ |
We take security very seriously. If you have found any issues that might have security implications, please send a report to our dedicated email at jpcadena@espol.edu.ec instead of posting a public issue on GitHub.
When reporting, please include as much information as possible to help us understand the scope and severity of the issue. This may include:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impacts of the vulnerability
- Suggestions for mitigating the vulnerability, if any
Please avoid including sensitive information in the initial report. We will provide a secure, encrypted channel for further communication after the initial report.
After you have reported a vulnerability:
- Acknowledgement: We will acknowledge your email within 3 business days.
- Verification & Analysis: Our security team will work to verify the vulnerability and determine its potential impacts.
- Response & Mitigation: We will aim to provide a first response, including our plans for mitigating the vulnerability, within 10 business days.
- Communication: If the vulnerability is confirmed, we will release a security advisory on our GitHub repository and might also communicate it via other channels.
We appreciate your effort in improving the security of our project and will acknowledge your contribution when we disclose the issue, unless you prefer to remain anonymous.