The following versions are supported when reporting an active vulnerability:
| Version | Supported |
|---|---|
| master | ✅ |
| feat/ branches | ❌ |
Once the project has reached a stable 1.0.0 release and is out of active development, we will maintain a list of supported release tags.
To report a vulnerability, click here.
Do NOT report an active vulnerability in the form of an issue or in our Discord.
Join our Discord at effectindex.com/discord or email [email protected] to let us know about your report or to ask questions. You can expect a response about your report being received within 24 hours, along with an ETA on a fix and relevant advisories.
Please make sure to include steps to reproduce it, or describe the vulnerability, to the best of your abilities.
Please note, certain vulnerabilities may be filed as "known" with a relevant issue linked, and releasing a fix will not be prioritized / not be expected within 24 hours. This only applies to vulnerabilities that do not affect sensitive user data access, RCEs, or anything inherently dangerous to the project and its users.
We will let you know if this is the case, and will still respond to confirm your report being received within 24 hours.