We release patches for security vulnerabilities. Which versions are eligible for receiving such patches depend on the CVSS v3.0 Rating:
| Version | Supported |
|---|---|
| 1.0.0 | ✅ |
If you discover a security vulnerability, please do the following:
-
Contact us directly. Do not create an issue or post in public forums. Instead, email us at [email protected] with the details of the vulnerability. Please include:
- A description of the vulnerability.
- Steps to reproduce the issue.
- Any relevant logs or screenshots.
-
Wait for a response. We will acknowledge your email within 48 hours and provide a detailed response within 7 days, including an estimated timeline for a fix.
-
Coordinate disclosure. We are committed to addressing all reported security vulnerabilities promptly. We will work with you to coordinate an appropriate disclosure timeline.
We will inform users about any security vulnerabilities and their fixes via GitHub releases and the project’s README file.
We prefer all communications to be in English.
Thank you for helping us keep this project secure!