We release patches for security vulnerabilities in the following versions:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
If you discover a security vulnerability, please report it to us. We take all security vulnerabilities seriously and will address them promptly.
To report a vulnerability, please follow these steps:
- Create a security advisory on our GitHub repository. You can do this by navigating to the "Security" tab and selecting "Advisories" > "New draft advisory".
- Do not disclose the vulnerability publicly until we have addressed it.
- Include as much information as possible to help us understand and reproduce the issue.
We will acknowledge your report within 48 hours and provide a timeline for fixing the vulnerability.
We will notify users of security updates through:
- GitHub Releases
- Security advisories on our GitHub repository
- Email notifications (if subscribed)
To help keep your project secure, we recommend the following best practices:
- Regularly update dependencies to their latest versions.
- Use strong, unique passwords for all accounts.
- Enable two-factor authentication (2FA) where possible.
- Regularly review and audit your code for security issues.
Thank you for helping us keep our project secure!