| Version | Supported |
|---|---|
| 2.x | Yes |
| 1.x | No |
If you discover a security vulnerability, please report it privately rather than opening a public issue.
How to report:
- Email the maintainers with details of the vulnerability
- Include steps to reproduce if possible
- Allow reasonable time for a fix before public disclosure
What to expect:
- Acknowledgment within 48 hours
- Status update within 7 days
- Fix timeline depends on severity
Disclosure:
- We follow coordinated disclosure practices
- Credit will be given to reporters (unless anonymity is preferred)
- Public disclosure after a fix is available
This policy covers the indian-address-parser library and its official deployments. Third-party integrations are outside scope.
When using this library:
- Keep dependencies updated
- Validate and sanitize input addresses
- Use HTTPS for API endpoints
- Follow your organization's security guidelines