Use this section to tell people about which versions of your project are currently being supported with security updates.
Version | Supported |
---|---|
1.8.x | ✅ |
If you discover any security vulnerabilities or concerns within this project, we appreciate your help in responsibly disclosing it to us. To report a vulnerability, please follow these steps:
- Email our security team with a detailed description of the vulnerability.
- Provide step-by-step instructions to reproduce the vulnerability or, if possible, provide a proof-of-concept (PoC).
- Include any relevant information, such as the affected versions, components, or dependencies.
- If applicable, provide suggestions or recommendations on how to address the vulnerability.
We will acknowledge your report within 48 hours and will work with you to understand the issue and evaluate its impact. Please give us a reasonable amount of time to investigate and respond before making any public disclosure.
- Responsible Disclosure: Please refrain from publicly disclosing any potential vulnerabilities until we have had a chance to address them.
- Scope: This security policy only covers the security of this project. If you find vulnerabilities in other projects or systems, please report them to the respective owners or organizations.
- No Compensation: We do not offer financial compensation for security reports. However, we will give credit to individuals or organizations who responsibly disclose vulnerabilities.
- Once we receive a vulnerability report, our security team will promptly review and prioritize it based on its severity and impact.
- We will investigate the reported vulnerability internally and assess its validity and potential impact on our system.
- Our team will collaborate to develop and implement a fix or mitigation strategy for the vulnerability.
- We will communicate with you throughout the process, providing updates and any additional information we may need.
- Once the vulnerability is resolved, we will publicly acknowledge your contribution, unless you request otherwise.
We value your efforts in making our project more secure. To encourage responsible disclosure, we commit to the following:
We will not initiate any legal action against you or pursue charges related to your vulnerability report if you comply with the following guidelines:
- Make a good-faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.
- Do not exploit the vulnerability beyond what is necessary to prove its existence.
- Do not share any sensitive data obtained during your research, except for the purpose of demonstrating the vulnerability.
- Do not intentionally or maliciously harm our users or the integrity of our systems.
We appreciate the security community's efforts in discovering and responsibly disclosing vulnerabilities. We would like to give credit to individuals or organizations who have reported vulnerabilities, with their permission, unless they prefer to remain anonymous. If you would like to be credited, please let us know when submitting your report.
Thank you for your contributions to the security of this project. Together, we can ensure a safer environment for everyone who uses it.