We currently provide security updates for the following versions of our project:
| Version | Supported |
|---|---|
| 2.x.x | ✅ |
| 1.5.x | ✅ |
| < 1.5 | ❌ |
We take the security of our project seriously. If you discover a security vulnerability, please follow these steps:
- Do not disclose the vulnerability publicly.
- Send a detailed report to our security team at [email protected].
- Include the following in your report:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any possible mitigations or workarounds
Our security team will acknowledge your email within 48 hours and will send a more detailed response within 5 business days, indicating the next steps in handling your report.
After the initial reply to your report, our security team will keep you informed about the progress towards a fix and full announcement. We may ask for additional information or guidance during this process.
When we receive a security bug report, we will:
- Confirm the problem and determine affected versions.
- Audit code to find any similar problems.
- Prepare fixes for all supported versions.
- Release patched versions as soon as possible.
If you have any suggestions to improve this security policy, please send an email to [email protected] with your ideas.