We release patches for security vulnerabilities. Which versions are eligible for receiving such patches depends on the CVSS v3.0 rating:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

Please report (suspected) security vulnerabilities to your-email@example.com. You will receive a response within 48 hours. If the issue is confirmed, we will release a patch as soon as possible, depending on complexity, but historically within a few days.

Please include:
- A detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Suggested fixes (if any)

Security best practices:
- Never commit API keys or secrets to the repository
- Use environment variables for sensitive configuration
- Keep dependencies up to date
- Review pull requests carefully
- Report security issues responsibly