The following versions of the project are currently supported with security updates:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

We take the security of our software seriously. If you believe you have found a security vulnerability in our project, please report it to us as described below.
Please disclose the vulnerability to us discreetly via email. Our dedicated security email address is: [email protected].
You can also report a vulnerability through a GitHub Security Advisory:
- Go to the Security tab
- Click on New advisory

To help us better understand the nature and scope of the potential issue, please include as much of the following information as possible:
- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if available)
- Impact of the issue, including how an attacker might exploit the issue

This information will help us triage your report more quickly.

- We will acknowledge your report within 48 hours.
- We will create a non-public issue for further discussion and updates.
- We will keep you informed of the progress towards a fix.
- We will announce the issue once it's resolved.

We recognize and appreciate the efforts of security researchers and practitioners in making the internet a safer place, and we would be happy to acknowledge your contributions in our Hall of Fame.
Thank you for helping keep our users safe!