We take the security of our project seriously and appreciate your efforts to responsibly disclose any vulnerabilities you find. To report a security issue, please follow these steps:
- Please do not disclose the vulnerability publicly until we have had a chance to address it.
- Send an email to our security team at security@liblaf.me.
- Include the following details in your report:
  - A description of the vulnerability.
  - Steps to reproduce the issue.
  - Information about the affected versions of the project.
  - Any potential impact of the vulnerability.
- We will acknowledge your email within 48 hours and provide an estimated timeline for when you can expect a more detailed response.
- Once the vulnerability is resolved, we will work with you to determine the best time to disclose the issue publicly. We are committed to transparency and will credit you for your discovery, unless you prefer to remain anonymous.

The following versions of our project are currently being supported with security updates:

| Version | Supported |
|---|---|
| 2.x.x | ✅ |
| 1.x.x | ❌ |
| < 1.0 | ❌ |

To help ensure the security of our project, we recommend the following best practices:
- Regular Updates: Keep your dependencies and the project itself up to date with the latest versions.
- Code Reviews: Encourage peer reviews of pull requests to catch potential security issues early.
- Static Analysis: Use static analysis tools to identify potential vulnerabilities in the codebase.
- Testing: Implement comprehensive unit and integration tests to validate the security of the application.

We would like to thank the following individuals and organizations for responsibly disclosing vulnerabilities and helping us improve the security of our project:
- Contributor Name - [Vulnerability Description]
- Another Contributor - [Vulnerability Description]

For more information on security best practices, you can refer to the following resources:

Thank you for helping us keep our project secure!