Security fixes are provided for currently supported release lines of switon/command (switon/command on Packagist).
| Version line | Supported |
|---|---|
1.x (latest stable release) |
Yes |
| Older major/minor lines with no maintained tag | No |
Check the latest release tag (for example v1.0.1 on this repository) before reporting.
Please do not open a public GitHub issue for security vulnerabilities.
Use one of these channels:
-
GitHub private vulnerability reporting (preferred)
Report a vulnerability -
Email
Send details to admin@switon.dev.
- Affected version (Composer constraint, tag, or commit)
- Clear description of the issue and impact
- Steps to reproduce, or a minimal proof of concept when possible
- Any suggested fix or mitigation you have already identified
- Acknowledge receipt as soon as practicable (typically within a few business days)
- Confirm whether the report affects supported versions
- Work on a fix and coordinated disclosure
- Publish a security advisory and patched release when appropriate
- Credit reporters in the advisory when they wish to be named
The following are generally not treated as security vulnerabilities here:
- Reports against unsupported or unmaintained version lines
- Issues that require misconfiguration or deployment choices outside documented guidance
- Denial-of-service scenarios with no practical impact on confidentiality or integrity at default settings
- Vulnerabilities in third-party dependencies already fixed in a newer supported release of that dependency (please report upstream; we will bump dependencies as part of maintenance)
For non-security bugs and feature requests, use the normal issue tracker on this repository.