Skip to content

Security: nextcss/color-tools

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in this project, please report it to us by sending an email to admin@nextcss.com. We will do our best to promptly address the issue.

Responsible Disclosure

We value the work of the security community and encourage responsible disclosure of vulnerabilities. If you are unsure if a behavior is a security vulnerability, please send an email to admin@nextcss.com explaining the suspected issue. We will work with you to determine if the behavior is a security vulnerability and will provide guidance on how to proceed.

Vulnerability Disclosure Timeline

We will do our best to follow the following timeline when addressing reported vulnerabilities:

  • Within 1 business day of receiving the report, we will send an acknowledgement email to the reporter acknowledging receipt of the report.
  • Within 2 business days of receiving the report, we will determine the severity of the report and assign a priority level to the report.
  • Within 1 week of receiving the report, we will either:
    • Issue a patch and send a notification email to the reporter indicating that the vulnerability has been fixed.
    • Provide a detailed response to the reporter explaining why the behavior does not qualify as a vulnerability.

Acknowledgements

We would like to thank the following individuals for responsibly disclosing vulnerabilities:

Zsolt Tövis

Contact

For any questions or concerns about our security policy, please contact us at admin@nextcss.com.

There aren’t any published security advisories