We take the security of our users and their data very seriously. This Security Policy outlines the currently supported versions of our project that receive security updates, and how you can report potential vulnerabilities in a responsible manner. By working together, we can maintain a secure environment for everyone.
This section details the versions of our project that currently receive security updates. We prioritize the security of our users and recommend upgrading to a supported version if you are using an unsupported one.
| Version | Supported | End of Life (EOL) | Disclaimer |
|---|---|---|---|
| 2.0.x | ❌ | Not yet announced | none |
| 1.0.x | ❌ | Not yet announced | none |
| < 1.0 | ❌ | Not yet announced | Use at Your Own Risk |
Note: We recommend staying up-to-date with the latest version to benefit from the most recent security fixes and enhancements.
We appreciate your assistance in keeping our project secure. If you discover a potential security vulnerability, please report it responsibly by following these guidelines:
Email: [email protected] Subject: [IMP_SEC] Security Vulnerability Report/Issue/Findings for Conduit - [Version] (if applicable) Details: Please provide a detailed description of the vulnerability, including steps to reproduce it (if possible), potential impact, and any relevant code snippets.
We will acknowledge receipt of your report asap! We will investigate the reported vulnerability and provide you with an update on our findings within days. If the vulnerability is confirmed, we will prioritize fixing it and releasing a security patch as soon as possible. We will not disclose the details of the vulnerability publicly until a fix is available, except to acknowledge the reporter as described above. We appreciate your patience and cooperation throughout this process.
We acknowledge the valuable contribution of users who identify vulnerabilities.
If you report a previously unknown vulnerability (not listed in any public vulnerability database like the GitHub Advisory Database),
and we confirm and fix it, we will publicly recognize your contribution in the release notes for the patch that addresses the vulnerability.
This recognition will include your name (with your permission) or a chosen alias, inside this repository and in the patch notes.
Thank you for helping us maintain a secure project!