We release patches for security vulnerabilities for the following versions:
| Version | Supported |
|---|---|
| Latest | ✅ |
| < Latest | ❌ |
If you discover a security vulnerability within DoxygenTool, please send an email to the maintainers. All security vulnerabilities will be promptly addressed.
Please do not report security vulnerabilities through public GitHub issues.
When reporting a vulnerability, please include:
- Type of vulnerability
- Full paths of source file(s) related to the vulnerability
- Location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it
- We will acknowledge your email within 48 hours
- We will provide a detailed response within 7 days
- We will work on a fix and keep you updated on progress
- We will notify you when the vulnerability is fixed
- The vulnerability is received and assigned to a primary handler
- The problem is confirmed and affected versions are determined
- Code is audited to find similar problems
- Fixes are prepared for all supported versions
- New versions are released with security patches
If you have suggestions on how this process could be improved, please submit a pull request or open an issue.