The following table outlines which versions of this project are currently supported with security updates.
| Version | Supported |
|---|---|
| Latest release | ✅ |
| Older releases | ❌ |

Only the most recent stable release is actively maintained. Users are strongly encouraged to upgrade to the latest version to receive security fixes.

We take security vulnerabilities seriously. If you discover a potential security issue, please report it responsibly.
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, use one of the following methods:
- GitHub Security Advisories (preferred)
- Email the maintainers directly (if a security contact is listed in the repository)

When reporting a vulnerability, please include as much information as possible, such as:
- A clear description of the issue
- Steps to reproduce the vulnerability
- Affected versions
- Potential impact
- Any known mitigations or workarounds
- Proof-of-concept code (if available)

Once a vulnerability is reported, the maintainers will:
- Acknowledge receipt of the report within a reasonable timeframe.
- Assess the severity and scope of the issue.
- Work on a fix or mitigation strategy.
- Prepare a security release if required.
- Publicly disclose the vulnerability once a fix is available, giving appropriate credit to the reporter (if desired).

Timelines for resolution may vary depending on the complexity and severity of the issue.

Security fixes will be released as soon as reasonably possible. Updates may include:
- Patch releases
- Minor or major version updates (if required)

Users are responsible for keeping their dependencies and deployments up to date.

We recommend the following security best practices when using or contributing to this project:
- Keep your environment and dependencies updated.
- Review third-party libraries for known vulnerabilities.
- Follow the principle of least privilege.
- Avoid committing secrets, credentials, or private keys to the repository.
- Use environment variables or secure secret management solutions.

If you wish to contribute to improving the security of this project:
- Follow secure coding practices.
- Ensure changes do not introduce new vulnerabilities.
- Consider running static analysis or security scanning tools before submitting pull requests.

This security policy applies only to this repository and its official releases. Issues arising from third-party integrations, forks, or modified versions of the project are outside the scope of this policy.

We appreciate the efforts of security researchers and community members who responsibly disclose vulnerabilities and help improve the security of this project.

Thank you for helping keep this project and its users safe.