The following table shows the versions of the project that are currently supported and can expect to receive security updates.
| Version | Supported |
|---|---|
| 0.X.X | ✅ |
We gladly accept and appreciate any responsible disclosure of security vulnerabilities.
Please do
- contact us directly via security@lise.de.
- provide us with a detailed description of the vulnerability and the steps to reproduce it.
- state your contact information for further communication.
Please do not
- disclose the vulnerability publicly until we have had a chance to address it.
- create a GitHub issue for the vulnerability.
- exploit the vulnerability to gain access to systems or data.
- include any personal data (including payment information) in your report.
You may
- encrypt your mail using our public key. You can find it as described in our security.txt file or directly on the key server.
- provide a minimal proof of concept to demonstrate the vulnerability.
We will
- acknowledge your report within 24 hours or on the next working day.
- check and address your report as soon as possible.
- award a voluntary bug bounty depending on the severity.