We actively support the following versions with security updates:
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |
We take the security of grule-plus seriously. If you believe you have found a security vulnerability, please report it to us as described below.
Instead, please report security vulnerabilities by LinkedIn: hungpdn
You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
Please include the following information (as much as you can provide):
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested fixes or mitigations
- We will acknowledge receipt of your report within 24 hours
- We will provide a more detailed response within 72 hours indicating our next steps
- We will keep you informed about our progress throughout the process of fixing the vulnerability
- We will notify you when the vulnerability has been fixed
When we receive a security bug report, we will:
- Confirm the vulnerability and determine its impact
- Develop and test a fix
- Prepare a security advisory
- Release the fix and security advisory simultaneously
We follow a coordinated disclosure process and will give credit to the reporter in our security advisory (unless you prefer to remain anonymous).
Security updates will be released as soon as possible, typically within a few days of the fix being ready. We will announce security releases on:
- Our GitHub Security Advisories page
- Our changelog
- Our mailing list (if applicable)
If you have questions about this security policy, please LinkedIn hungpdn