We provide security updates for specific versions of this project. If you're using a version that is no longer supported, we recommend upgrading to a supported version to receive the latest security patches and improvements.
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
- Versions 1.x.x are currently supported with regular security updates.
If you discover a security vulnerability in this project, we encourage you to report it as soon as possible. Please follow the steps below to ensure the issue is addressed efficiently and securely.
- Create a GitHub Issue:
  - Report the vulnerability in our GitHub Issues section.
  - Provide as much detail as possible, including:
    - A description of the vulnerability
    - Steps to reproduce (if applicable)
    - Version number(s) affected
    - Any related logs or evidence
  - If the issue is related to a specific file or function, include that information to assist with a quicker resolution.
- Security Email:
  - If you'd prefer to report the vulnerability privately, you can also email us at hexdee606@gmail.com.
- Response Time:
  - We aim to acknowledge all reported vulnerabilities within 48 hours.
  - Depending on the complexity, a fix may take several days to weeks to be released. We will keep you updated during the process.
- Public Disclosure:
  - Once a vulnerability is confirmed and fixed, we will publish a security advisory.
  - We will work with you to determine the best time for public disclosure, ensuring minimal risk to users.
  - We request that details of the vulnerability remain confidential until the fix is publicly available.
- Triage and Acknowledgment: Once a report is received, we will validate the vulnerability, and you'll receive an acknowledgment and updates on its status.
- Resolution and Fixes: If the vulnerability is confirmed, we will issue a patch or recommend workarounds to mitigate risks.
- Communication: If the vulnerability affects multiple versions, we may issue an advisory for all affected versions with details on how to fix or mitigate the issue.
- Secure Development: We encourage contributors to follow best practices for security when submitting pull requests. This includes reviewing code for potential security risks, ensuring that sensitive data like passwords or tokens are not hardcoded, and using secure libraries.
- Use Dependabot or Similar Tools: We rely on tools like Dependabot to monitor and manage dependencies for security vulnerabilities.
- Severity Classification: All reported vulnerabilities will be assessed for severity. We follow a basic classification of low, medium, and high severity based on the impact of the vulnerability on users and the potential exploitation vectors.
- Timely Patching: Once a patch is identified, we aim to release it within the shortest possible timeframe. Users will be notified through GitHub releases and, if applicable, through email updates.
While we strive to make this project secure, we cannot guarantee that it is free from vulnerabilities. Users and contributors are responsible for securing their implementations and ensuring their systems are protected from potential threats.
As this is an open-source project, no payment is required to report a vulnerability, access the source code, or receive updates. We believe in providing free and open access to the community for the benefit of everyone.
- This security policy is designed to foster an open, collaborative, and secure environment for both contributors and users.
- We value security and take the necessary steps to ensure that our software remains safe for the community.
- As part of our commitment to open-source principles, all contributions, fixes, and updates are free of charge, and there is no expectation of payment for using or contributing to the project.