I am committed to providing security updates for all versions of my project.
If you discover a security vulnerability within my project, please create a pull request or contact me on my socials. I will promptly review and respond to all reports.
When reporting a vulnerability, please include the following details:
- Description of the vulnerability
- Steps to reproduce the vulnerability
- Any additional information that could help me understand and address the issue
I acknowledge receipt of vulnerability reports within 48 hours and will provide an initial assessment of the report's validity and potential impact. I will strive to keep you informed about the progress of your report and notify you of any developments or fixes.
If your vulnerability report is accepted:
- I will work diligently to address the issue promptly and release a fix as soon as possible.
- Once a fix is released, I will notify you and provide guidance on how to apply the fix to your installation.
If your vulnerability report is declined:
- I will provide a detailed explanation of why the report was not accepted.
- If you believe the report was incorrectly declined, you may appeal the decision, and I will review the report again.
I appreciate your help in keeping my project secure. Thank you for your responsible disclosure of security vulnerabilities.